Hacker activism rose to public prominence in 2011 and its rise is revealed in the “Verizon 2012 Data Breach Investigations Report.” Fifty-eight percent of electronic data stolen last year was the result of hacker activism, prompting Verizon to dub 2011 “The Year of the Hacktivist.”
2011’s rising tide of hacktivist data breaches contrasts sharply with previous years, when cybercriminals looking for financial gain carried out most data breaches, Verizon notes in a press release.
“The report demonstrates that unfortunately, many organizations are still not getting the message about the steps they can take to prevent data breaches,” said Wade Baker, Verizon’s director of risk intelligence. “This year, we have segmented our recommendations for enterprises and small businesses in the hope that this will make our suggestions more actionable. Additionally, we believe greater public awareness about cyberthreats and user education and training are vitally important in the fight against cybercrime.”
Opportunity and the ease of carrying out the breaches were characteristic of 2011’s hacktivist breaches, Verizon also noted: 79% of attacks represented in the report were opportunistic, while 96% of them were not very difficult to carry out, “meaning they did not require advanced skills or extensive resources,” according to Verizon.
The 855 data breaches recorded in 2011 enabled hackers to steal 174 million records, the second-highest data loss the Verizon RISK (Research Investigations Solutions Knowledge) team has recorded since it began producing its reports five years ago. The US Secret Service, the Dutch National High Tech Crime Unit, the Australian Federal Police, the Irish Reporting & Information Security Service and the Police Central e-Crime Unit of the London Metropolitan Police all contributed to Verizon’s report.
“With the participation of our law enforcement partners around the globe, the ‘2012 Data Breach Investigations Report’ offers what we believe is the most comprehensive look ever into the state of cybersecurity,” Baker said. “Our goal is to increase the awareness of global cybercrime in an effort to improve the security industry’s ability to fight it while helping government agencies and private sector organizations develop their own tailored security plans.”
One thing that hasn’t changed about cybercrime: it’s international in nature, Verizon pointed out. Recorded data breaches originated in 36 countries in 2011, an increase from 22 in 2010. Nearly 70% originated in Eastern Europe, while less than 25% originated in North America.
Some 98% of attacks came from outside the victim organizations and were perpetrated by individuals and groups including organized crime, activist groups, former employees, lone hackers and “even organizations sponsored by foreign governments.” The number of breaches originating from inside organizations fell to 4%, with business partners responsible for less than 1%, according to Verizon.
In terms of the tools and methods employed, the incidence of hacking and malware continued to increase. Hacking was a factor in 81% of data breaches and in 99% of data lost, while malware played a role in 69% of data breaches and 95% of compromised records.
The time between data being compromised and its discovery continues to be measured in months and even years, Verizon noted. In terms of detection, the majority of breaches were detected by third parties.
Verizon’s analysis also shows that there’s ongoing interest in industrial/commercial espionage in order to steal trade secrets and gain access to intellectual property. “This trend, while less frequent, has serious implications for the security of corporate data, especially if it accelerates,” according to Verizon.
“Personally identifiable information (PII) has become a jackpot for criminals,” Verizon noted. “PII, which can include a person’s name, contact information and social security number, is increasingly becoming a choice target. In 2011, 95 percent of records lost included personal information, compared with only 1 percent in 2010.”
While compliance with security programs such as the Payment Card Industry Data Security Standard (PCI DSS) is a sound step toward data security and information protection, it by no means guarantees that data and records are secure, or that an organization is immune from attacks.
When it comes to enterprises protecting data and information systems, Verizon recommends:
- Eliminate unnecessary data. Unless there is a compelling reason to store or transmit data, destroy it. Monitor all important data that must be kept.
- Establish essential security controls. To effectively defend against a majority of data breaches, organizations must ensure fundamental and common sense security countermeasures are in place and that they are functioning correctly. Monitor security controls regularly.
- Place importance on event logs. Monitor and mine event logs for suspicious activity – breaches are usually identified by analyzing event logs.
- Prioritize security strategy. Enterprises should evaluate their threat landscape and use the findings to create a unique, prioritized security strategy.
For small organizations, Verizon recommends:
- Use a firewall. Install and maintain a firewall on Internet-facing services to protect data. Hackers cannot steal what they cannot reach.
- Change default credentials. Point-of-sale (POS) and other systems come with pre-set credentials. Change the credentials to prevent unauthorized access.
- Monitor third parties. Third parties often manage firewalls and POS systems. Organizations should monitor these vendors to ensure they have implemented the above security recommendations, where applicable.