Social tactics used in 29% of cyberattacks

The back door hackers are increasingly using to gain access to your personal account or your company's system is through you, Verizon data breach report shows.
Written by Kirsten Korosec, Contributor on

Hackers, especially those involved in targeted espionage campaigns, are frequently relying on social tactics, such as phishing, to compromise computing devices and email accounts.

The proportion of security breaches incorporating social tactics--using email, phone calls and social networks to gain information on people--was four times higher in 2012 from the previous year, according to the Verizon 2013 Data Breach Investigation Report released this week.

Some 29 percent of security breaches used social tactics, according to the DBIR report, which used data and analysis from 19 global organizations including law enforcement agencies, research institutions, private security firms and national incident-reporting entities.

Companies, even those with tight cybersecurity, should be wary of the trend. Great corporate security programs have been bypassed as a result of this, the report said. Hackers also have gone after high-value targets in their personal lives, using social tactics like phishing, doxing, and watering hole attacks to compromise personal email accounts and computing devices.

The upshot? The back door hackers are increasingly using to gain access to your personal accounts or your company's system is through you.

Targeting specific key personnel isn't a new tactic. But more organizations are now considering extending corporate security into the living rooms of their CEOs, according to the DBRI.

Another troubling trend is that while the sophistication of attacks is growing, most use basic methods that require little or no customization or resources.

Other 2012 highlights from the report:

  • more than 47,000 reported security incidents
  • 621 confirmed data breaches
  • large-scale financial cybercrime accounted for 75 percent of attacks
  • 20 percent of attacks were state-affiliated espionage campaigns, which included cyberthreats aimed at stealing intellectual property to further national and economic interests.

Graphics: 2013 Verizon Data Breach Investigation Report

Photo: Flickr user Ian Lamont

This post was originally published on Smartplanet.com

Editorial standards