During 2011 when the world saw “Arab Spring” springing on the scene, the online world was rife with the clashing of ideals, taking the form of activism, protests, retaliation, and pranks. While these activities encompassed more than data breaches (e.g., DDoS attacks), the theft of corporate and personal information was certainly a core tactic. This re-imagined and re-invigorated specter of “hacktivism” rose to haunt organizations around the world. This has been revealed by Verizon in the 2012 Data Breach Investigation Report (DBIR).
“This year our DBIR includes more incidents, derived from more contributors, and represents a broader and more diverse geographical scope. In fact, 2011 boasts the second-highest data loss total since we started keeping track in 2004,” shared Bryan Sartin, Director, Investigative Response, Verizon.
With the addition of Verizon’s 2011 caseload and data contributed from the security agencies globally, the DBIR outlines that outsiders are still dominating the scene of corporate data theft. Organized criminals were up to their typical misdeeds and were behind the majority of breaches in 2011.Activist groups created their fair share of misery and mayhem last year as well-and they stole more data than any other group. Their entrance onto the stage also served to change the landscape somewhat with regard to the motivations behind breaches. As one might expect with such a rise in external attackers, the proportion of insider incidents declined yet again this year to a comparatively scant 4%. According to the report, 98% attacks emerged from external agents while 81% utilized the same form of hacking.
Also the report underlines the fact of dramatic rise of hacktivism. In fact, hacking factored to 81 % of data breaches and 99 % of data loss.Â Malware also played a large part in data breaches at 69 % and 95 % of compromised records.
Further, Sartin points at the personally identifiable information (PII) which, he says, has become a jackpot for criminals. Citing report, he says that PII, which can include a person’s name, contact information and social security number, is increasingly becoming a choice target. In 2011, 95 % of records lost included personal information, compared with only 1 % in 2010.Â Besides, the reports brought forth the fact of industrial espionage in order to steal trade secrets and gaining access to intellectual property.
Distributed denial of Service (DDoS) attacks were also seen affecting business globally in a big way. According to estimates from analyst groups, the cost of a 24-hour outage can be as much as USD$30 mn. Increasingly vulnerable companies are moving into the cloud where availability of data is of paramount importance.
The report documents various other facts about security breaches globally in 2011. Sartin insisted that companies and governments should take into account the hacking patterns to keep threats at bay. A consolidated and collaborative approach will lead to secure environment. Information sharing about the said attacks is one of the best ways to keep hackers at bay.