A Look at the Verizon 2012 Data Breach Report
Cybercriminals are more active than ever, especially the hacktivists. Will LulzSec target you?
No bones about it 2011 was a year of ominous Internet troubles. Over that period, a whopping 174 million Web-based records were compromised or left open to theft by cybercriminals.
Last year was also dominated by talk of hacktivist groups like Anonymous and LulzSec that caused widespread mayhem by illegally accessing the servers of corporations and organizations to steal information. Last year, 100 million people were affected by these groups, whose aims are often as shadowy and frightening as the people behind them.
Clearly, the hactivists have the capability to put us all at risk, and not even the FBI is immune to their threats. But are Anonymous and LulzSec the biggest danger to Internet security? According to the comprehensive Verizon 2012 Data Breach Investigation Report, perhaps not.
Each year since 2004, the Verizon RISK team has gotten together with the international law-enforcement community to asses trends in cybercrime. These folks count the number of records breached each year, determine who is behind the breaches, and provide recommendations as to how they can be stopped.
The big story from Verizon this year was the rise of hacktivists. These groups who have hacked into organizations like Sony Pictures, the Recording Industry Association of America, and the FBI are often motivated by political dissatisfaction, stealing records as a way of voicing dissent. Sometimes though, their only aim appears to be getting their lulz, or having a bit of fun (lulz is related to the Internet saying LOL, or laughing out loud).
In 2011, in terms of the number of records stolen, these groups took the cake, thieving more than twice that of other hackers. However, when counting the total number of cases of data theft, organized criminals out for financial gain committed 86 percent of all crimes. In other words, the hacktivist movement stole a lot but in a limited number of actions.
What the Verizon report tells us is that in the vast majority of data breaches, plain old greed is the principal motivating factor. Ninety-six percent of all breaches were done to steal information the criminals could use to line their pockets. Credit card information and sensitive personal data were the targets of these folks.
The other point the report makes clear is that criminals almost always target the most vulnerable those businesses whose Internet security, or lack thereof, makes them easy pickings. It isnt surprising then that the Verizon report states small businesses and those without dedicated IT teams constitute the largest group of victims.
In contrast, since hactivists want attention for their misdeeds, they target large groups, using their expertise to break into sophisticated systems as a point of pride. Also, since money isnt their primary aim, theyre likely to steal noncritical data names and email addresses just to make their point.
Most cybercriminals want money, but they dont want to get caught. This simple algorithm explains why the bad guys go for the soft targets businesses that make it easy for the hackers to steal from them.
The good news is that by putting into practice a few computer security measures, most businesses can discourage criminal activity. Ninety-seven percent of all breaches last year could have been prevented through simple or intermediate controls.
Yes, breaches can be stopped. Be prepared. Dont give the data thieves their lulz.