Verizon has released its 2013 Data Breach Investigations Report. The company has found that, in 2012, hacking was the “number one way” that data breaches occurred.
The figures from the report show that 52% of data breaches involved hacking. 76% of intrusions exploited weak or stolen credentials, 40% relied on malware, 35% involved physical attacks, and 29% of them leveraged social engineering tactics such as phishing.
As far as victims were concerned, in 2012, most of the targeted organizations were from the financial sector (37%), followed by retailers and restaurants (24%), manufacturing, utilities and transportation industries (20%), and information and professional services companies (20%). 38% of cyberattacks targeted larger organizations.
When it comes to the reasons why these attacks were carried out, Verizon’s Dave Hylender explains that they’re “diverse.”
“Money- minded miscreants continued to cash in on low-hanging fruit from any tree within reach. Bolder bandits took aim at better-defended targets in hopes of bigger hauls,” Hylender wrote in a blog post.
“Activist groups DoS’d and hacked under the very different—and sometimes blurred—banners of personal ideology and just-for-the-fun-of-it lulz. And, as a growing list of victims shared their stories, clandestine activity attributed to state-affiliated actors stirred international intrigue.”
The study provides organizations with some important advice on how to protect their assets against data breaches.
The recommendations include eliminating unnecessary data; ensuring that essentials controls are met; collecting, analyzing, and sharing incident and threat intelligence data; evaluating the threat landscape and creating strategies.
“If you’re a target of espionage, don’t underestimate the tenacity of your adversary.Nor should you underestimate the intelligence and tools at your disposal,” reads one piece of advice from the report.
The complete 2013 Data Breach Investigations Report is available for download here.