Verizon finds "hacktivists" responsible for 58% of stolen data
Verizon has produced its latest annual report on data theft, the 2012 Data Breach Investigations Report, compiled in cooperation with several police forces and security services, including the UK's Police Central e-Crime Unit of the London Metropolitan Police. In total, the report cites 855 data breach incidents during 2011 involving 174 million compromised data records – "records" are the number of data units compromised: files, card numbers, etc. The report highlights the increase in the proportion of attacks carried out, not by organised crime, but by "hacktivists", such as LulzSec and Anonymous.
The report states that the increase in such hactivist attacks is the most important change noted in the last year. Even though the number of attacks was a small proportion of the total, they accounted for a loss of over 100 million records. Such attacks made up only 2% of the total against all sizes of organisations, but captured 58% of all stolen records. Against large organisations, the total was 21%, capturing 61% of records. The report states: "So, although ideological attacks were less frequent, they sure took a heavy toll." These hacktivist attacks are motivated, say Verizon, by "ideological dissent and schadenfreude" rather than the financial gain that motivates professional criminals.
The great majority of data breaches were due to external agents, a total of 98%, while those that implicated employees fell from 17% the previous year to a low of 4%. Verizon has been compiling this report since 2004, and last year had the second highest level of data loss. Other changes noted in the report include the increase in the number of incidents that involved hacking and/or the use of malware. 79% of all attacks were found to be due to opportunity rather than deliberate targeting; the victims "fell prey because they were found to possess an (often easily) exploitable weakness rather than because they were pre-identified for attack."
See also:
- Report: more breaches but fewer records compromised in 2010, a report from The H.
(ehe)