Many data breaches last year were a result of hacktivism, and while the attacks were less frequent, more data was stolen and larger organisations with strong brand names were the most common victims, a report has revealed.
According to the Verizon 2012 Data Breach Investigations Report released on Thursday, the rise of hacktivism against larger organisations was the most significant change in 2011, with 58 per cent of stolen data attributed to hacktivism — cyberhacking to advance political and social objectives.
This was in contrast to the data-breach pattern over the last few years, where a majority of attacks were carried out by cybercriminals who were primarily motivated by financial gain.
The report, in its fifth year of publication, surveyed 855 data breaches over 174 million stolen records in 36 countries around the globe. This year, the United States Secret Service, Dutch National High Tech Crime Unit, Australia Federal Police, Irish Reporting & Information Security Service and Police Central e-Crime Unit of the London Metropolitan Police contributed data to the report.
Hacktivist groups accounted for a small proportion of 2011 cases, and while they had been less active, their attacks had "taken a heavy toll" on companies. They stole more than 100 million records, or twice the amount obtained by financially driven hackers, the report revealed.
Nearly all of the data stolen by hacktivist groups had been taken from larger organisations, and the proportion of breaches tied to hacktivism-related motives had risen to 25 per cent.
The study pointed out that a low-profile brand or company is less likely to draw the attention of these groups. However, they are instead attacked by money-driven cybercriminals looking for "opportunistic attacks against weaker targets", which present a lower risk.
"Think of it as a way to streamline business processes. Find an easy way to prey on the unsuspecting, weak and the lame, and they simply repeat on a large scale," the report stated. "This high-volume, low-yield business model has become the standard for organised criminal groups."
SMBs targeted in Asia Pacific
On a regional basis, while there were no major differences in the number of breaches, there was a contrast in the type of businesses being attacked. Small and midsize businesses (SMBs) are prime targets in the Asia-Pacific region, Mark Goudie, managing principal of Verizon's Investigative Response Team, told ZDNet Australia's sister site ZDNet Asia.
Goudie elaborated that the US and Europe have more established chain stores and big companies, while Asia-Pacific region is dominated by SMBs. As such, they are more likely to get attacked.
The Verizon executive also added that large organisations tend to be "more savvy and sophisticated" in terms of technology used to protect themselves when compared to SMBs. This would also make them likely targets of cybercriminals, he said.
BYOD and cloud may not be as risky as they seem
Goudie also noted that the technology environment of enterprises have become very "complex" due to the growing amount of data. As such, an organisation's security strategy should focus on data management, such as eliminating unnecessary data unless there is a compelling reason to store it, or store data "outside" of the organisation, such as on a CD or hard-disk drive.
Quizzed on whether enterprises should place data in the cloud, he stated that cloud is an "interesting phenomenon". Goudie remarked that while there was much deliberation on whether cloud is secure enough to store data, there have been no incidents in the report where storage of data in the cloud, or in devices that employees use, led to a data breach.
He maintained that hackers still use traditional tactics in stealing from internal databases, and they may not have seen the need to evolve to steal from new technologies such as cloud and mobile devices yet.
As such, cloud and the BYOD trend may not be as large a security threat that people have made them out to be.
Via ZDNet Asia