What organizations are in cyber criminals’ crosshairs now? A better question might be: Who isn’t being targeted?
Hackers take any opportunity they can get to steal valuable data from businesses. And they’re finding a lot of those opportunities, according to Verizon’s 2013 Data Breach Investigations Report which analyzed 621 data breaches investigated in 2012.
One of the running themes in the report: No organizations are immune from sophisticated, targeted hacker attacks. Organizations of all sizes are being targeted in security attacks. In fact, the breaches reported are split fairly evenly among all sizes:
- 1 to 100 employees (31% of breaches)
- 101 to 1,000 employees (9%)
- 1,001 to 10,000 employees (11%)
- 10,001 to 100,000 employees (20%)
- 100,001 or more employees (7%)
- Unknown size (22%)
That’s true even for corporate espionage attacks. While it’s often assumed that type of breach mostly targets large enterprises, 18% of the espionage attacks covered in the Verzion report affected organizations with 100 or fewer employees.
Top industries for cyber attacks
The breaches investigated in the report affected businesses nearly every industry. That makes sense, as three-quarters of the breaches were financially motivated — and all organizations have some amount of data that can be used by cyber criminals in money-making schemes.
That said, hackers’ behavior does show preferences for certain industries. Among the incidents in Verizon’s report, the industries most likely to suffer data breaches are:
- Retail (22% of breaches)
- Manufacturing (12%)
- Information (10%)
- Food services (10%)
- Professional services (10%)
- Finance (8%)
- Transportation (6%)
- Public agencies (4%
- Utilities (2%)
- Administrative services (1%)
Industries further down the list include healthcare, education and others that have little in common with each other — other than the fact that their networks hold valuable corporate and customer data.
Bottom line: Hackers go after any organization that presents an opportunity for an attack.
Top targets within the organization
For organizations that are targeted by hackers, the most frequent point of entry for the attacks: the organization’s users. Most (71%) of the breaches studied involved attacks on user devices, while 54% compromised servers (many attacks target both categories).
In addition, 76% of the attacks exploited weak or stolen log-in information. Often, those credentials are stolen from users with malware, phishing and other scams.
And the most common targets in those incidents: executives and managers.
In the majority (69%) of social engineering attacks studied by Verizon, the target was unknown. But the next two categories on the list were executives and managers, who were targeted in 16% and 11% of social engineering attacks, respectively.
That makes sense: The higher up in the company, the more access a person has to the information cyber criminals want. Those leaders also have a higher public profile, allowing hackers to do more research about them and find their contact information.
In addition to the people within the company that hackers are targeting, there are also those users who create security incidents on their own, either intentionally or unintentionally.
That includes malicious insiders who steal information, as well as those who lose storage devices containing sensitive data or put that data on unapproved hardware.
Who are the insiders organizations most need to look out for? While other reports have suggested that IT pros — who typically have the access and know-how to pull off complex internal breaches — are the biggest insider threat, Verizon’s report puts them toward the bottom of the list.
Instead, it’s customer service staff such as cashiers and call center employees who present the biggest threat, being implicated in 46% of 2012’s insider breaches.
While IT departments understandably put a lot of their focus on stopping hacking, malware and other cyber threats, Verizon’s report shows another area that data thieves are targeting: physical equipment.
More than one-third (35%) of the breaches in the report involved physical theft or tampering. Those attacks included:
- ATM skimming operations
- Tampering with point of sale (POS) devices
- Surveillance, and
- Stolen computing devices.