One in five data breaches are the result of cyberespionage, Verizon says
Verizon's data breach investigations report covering 2012 includes information on cyberespionage-related breaches for the first time
IDG News Service - While the majority of data breaches are the result of financially motivated cybercriminal attacks, cyberespionage activities are also responsible for a significant number of data theft incidents, according to a report that will be released Tuesday by Verizon.
Verizon's 2013 Data Breach Investigations Report (DBIR) covers data breaches investigated during 2012 by the company's RISK Team and 18 other organizations from around the globe, including national computer emergency response teams (CERTs) and law enforcement agencies. The report compiles information from more than 47,000 security incidents and 621 confirmed data breaches that resulted in at least 44 million compromised records.
In addition to including the largest number of sources to date, the report is also Verizon's first to contain information on breaches resulting from state-affiliated cyberespionage attacks. This kind of attack targets intellectual property and accounted for 20% of the data breaches covered by the report.
In more than 95% of cases the cyberespionage attacks originated from China, said Jay Jacobs, a senior analyst with the Verizon RISK team. The team tried to be very thorough regarding attribution and used different known indicators that linked the techniques and malware used in those breaches back to known Chinese hacker groups, he said.
However, it would be naive to assume that cyberespionage attacks only come from China, Jacobs said. "It just so happens that the data we were able to collect for 2012 reflected more Chinese actors than from anywhere else."
The more interesting aspects of these attacks were the types of tactics used, as well as the size and industry of the targeted organizations, the analyst said.
"Typically what we see in our data set are financially motivated breaches, so the targets usually include retail organizations, restaurants, food-service-type firms, banks and financial institutions," Jacobs said. "When we looked at the espionage cases, those industries suddenly dropped down to the bottom of the list and we saw mostly targets with a large amount of intellectual property like organizations from the manufacturing and professional services industries, computer and engineering consultancies, and so on."
A surprising finding was the almost fifty-fifty split between the number of large organizations and small organizations that experienced breaches related to cyberespionage, the analyst said.
"When we thought of espionage, we thought of big companies and the large amount of intellectual property they have, but there were many small organizations targeted with the exact same tactics," Jacobs said.
There is a lot of intelligence-gathering involved in the selection of targets by these espionage groups, Jacobs said. "We think that they pick the small organizations because of their affiliation or work with larger organizations."