Posts tagged ‘Cyber Research’

May 30, 2013

What Type of Data Is Compromised by Security Breaches

In the available research data, payment card numbers/data appear to be compromised in about half of the cyber-attacks on all organizations. Here is a list (by ranking) of the data types recorded as compromised as a result of a cyber-security breach:

Payment card numbers/data

Authentication credentials (usernames, passwords, etc.)

Personal information (Name, social security number, Address, etc.)

Sensitive organizational data (reports, plans, etc.)

Bank account numbers/data

System information (config, svcs, sw, etc.)

Copyrighted/Trademarked material

Trade secrets

Classified information

Medical records

May 30, 2013

Cyber Attack: Targeted or Opportunistic?

In general, cyber-attacks are classified into two types: opportunistic and targeted. The victims of opportunistic attacks are selected because they show some form of weakness that the attacker was able to exploit. In a targeted attack, the victim is selected based on criteria set by the cyber-criminal, and only then does the criminal identify which weaknesses exist that can be exploited. The smaller the organization, the more likely that the attack is opportunistic. Well over half of attacks on smaller companies are opportunistic, but this number falls to about 1/3 for larger companies. Here is the data from the Verizon Data Breach Report:

Data for all companies: Opportunistic: 79%, Targeted: 16%, Unknown: 5%

Data for large companies: Opportunistic: 35%, Targeted: 50%, Unknown: 15%

May 30, 2013

Most Cyber-Crime Originates in Eastern Europe

About two thirds of cyber-crime originates from Eastern European countries. More detailed analysis of the data from the Verizon Data Breach Report indicates a somewhat more complex picture. Within large organizations, only 27% of cybercrime is linked to Eastern European countries. The larger organizations attract a more diverse set of attackers, whereas cybercriminals in Eastern Europe target the easier victims – smaller companies with less robust policies and technologies in place to defend against cyber-attack.

 

Here are the raw statistics from the Verizon Data Breach Report for all organizations:

Eastern Europe (including Russia and Turkey) – 67%

Americas North – 20%

Europe West – 4%

Asia East – 2%

Africa – 1%

Asia Southeast – 1%

May 29, 2013

What motivates cyber-criminals?

Organized crime continues to be the single largest driver of cyber-breaches and accounts for 33% of the breaches at larger organizations. For 2011 – the last year for which data is available – 96% of security breaches were due to financial or personal gain. When we exclude data for small organizations, the picture is a little different. Although still significant, the number attributable to financial gain falls to 71%. Other significant factors for larger organizations include disagreement or protest at 25% and fun, curiosity or pride at 23%. The large number of socially driven cyber-breaches is attributable to the “hacktivism” that is becoming increasingly prevalent, and we expect this number to rise in 2012 and beyond.

Sources of data breaches (large organizations)

Here are the raw statistics from the Verizon Data Breach Report for larger organizations:
Organized criminal group – 33%
Unknown – 31%
Unaffiliated person(s) – 10%
Activist group – 21%
Former employee (no longer had access) – 6%
Relative or acquaintance of employee – 2%

May 29, 2013

Where cybercrime mitigation efforts should be focused

The Verizon Data Breach Report points out something that is fairly obvious – that larger and smaller organizations face different cyber threats and that solutions should be tailored for each company type. The solutions for smaller organizations are relatively simple: implement a firewall or ACL on remote access services, change the credentials of POS systems, and, if a third party is handling these on your behalf, make sure that they are actually being done.

Regarding larger organizations, the top findings are as follows:
• Eliminate unnecessary data; keep tabs on what’s left
• Ensure essential controls are met; regularly check that they remain so
• Monitor and mine event logs
• Evaluate your threat landscape to prioritize your treatment strategy
