2013: Year of the mega breach [ITWeb]
(ITWeb Via Acquire Media NewsEdge) One mega breach can be worth 50 smaller attacks, says Nick Christodoulou, country manager of SA at Symantec.
2013 was the "year of the mega breach", as the number of mega data breaches went from one in 2012 to eight in 2013, with 552 million identities being exposed.
That is one of the biggest disclosures from Symantec's Internet Security Threat Report (ISTR), Volume 19, which shows a significant shift in cyber criminal behaviour, revealing the bad guys are plotting for months before pulling off huge heists – instead of executing quick hits with smaller rewards.
"The ISTR is a contribution that we make to industry, as Symantec, to say that these are the things we need to be aware of," says Nick Christodoulou, country manager of SA at Symantec. "For us, it's about creating the mindset that it's not all rosy out there. Organisations need to be planning to mitigate the risks in the cyber world.
"If you are an organisation and you suffer a significant breach, it can sink the organisation, lose significant revenue or damage your reputation."
To Christodoulou, one mega breach can be worth 50 smaller attacks. "While the level of sophistication continues to grow among attackers, what was surprising last year was their willingness to be a lot more patient – waiting to strike only when the reward is bigger and better."
The Snowden effect
According to Sven Hansen, technical sales and service manager at Symantec, 2013 was an interesting year in that it started off fairly quietly, with people focusing on issues like cyber espionage, privacy and malicious insiders, and that all grew after the Edward Snowden revelations.
"Most were concerned about what nation states were doing; who was spying on whom; what information was leaked; paranoia and concern about whether Google was reading our e-mails; or who had access to our data. So we were kind of fixated on these," says Hansen.
"If you look at some of the data from the 2011 report, you will realise that there were 208 breaches, which accounted for about 232 million identities that were exposed, and roughly five of them were of greater than 10 million identities. That was what we called 'the year of the breach' because that's when we saw a rise in the number of breaches and a significant amount of our data being stolen.
"In 2011, we saw Anonymous, the hacktivist group, being quite active and it accounted for a few of those breaches."
In 2012, Hansen explains, there was a slight decline in the number of breaches and identities exposed and that was because of the increased security systems put in place by authorities globally to track down the cyber criminals.
"In 2013, we had a significant jump in the number of breaches – we had 253 breaches with 552 million identities being exposed, which is just a phenomenal figure. We see that the breaches are increasing in size. We had eight breaches in which more than 10 million identities were exposed," says Hansen.
"The concern here is that you'll see the intelligence, patience and maturity of the cyber criminals is growing. They are becoming more careful about how they plan their attacks."
In 2013, says Symantec, there was a 62% increase in the number of data breaches from the previous year, proving cyber crime remains a real and damaging threat to consumers and businesses alike.
Improved SA profile
SA's 2013 Internet security threat profile improved slightly from a world ranking of 45 in 2012 to 46 in 2013, the report says, adding that this shift indicates a lower number of security threats across all categories with the exception of malicious code, which saw a rank change from 28 in 2012 to 25 in 2013.
SA as a threat source for spam and phishing hosts decreased from 2012 to 2013, with respective world rankings from 48 to 55 and 34 to 41, says Symantec.
It points out that larger organisations (those with more than 2 500 employees) in SA experienced the majority of spear phishing and targeted attacks in 2013 at a high of 75%; while 25% targeted smaller size companies with one to 250 employees.
Top spear phishing and targeted attacks were recorded in the transportation, communications, electric, gas and sanitary services industry with more than 28%, while the finance, insurance and real estate industry was targeted at almost 12%.
According to Symantec, the size and scope of breaches is exploding, putting the trust and reputation of businesses at risk, and increasingly compromising consumers' personal information – from credit card numbers and medical records to passwords and bank account details. Each of the eight top data breaches in 2013 resulted in the loss of tens of millions of data records. By comparison, 2012 only had a single data breach reach that threshold.
"Nothing breeds success like success – especially if you're a cyber criminal," says Christodoulou. "The potential for huge paydays means large-scale attacks are here to stay. Companies of all sizes need to re-examine, re-think and possibly re-architect their security posture."
Targeted attacks in 2013 were up 91% and lasted an average of three times longer compared to 2012, says Symantec. Personal assistants and public relations were the two most targeted professions – cyber criminals use them as a stepping stone to higher-profile targets like celebrities or business executives, it concludes.
(c) 2014 ITWeb Limited. All rights reserved. Provided by Syndigate.info, an Albawaba.com company