Trade Law Daily is a Warren News publication.
Top Actor: China

Financial Cybercrime, Espionage Main Types of Cybersecurity Incidents in Verizon Data Breach Report

Financial cybercrime and state-affiliated espionage made up a combined 95 percent of all cybersecurity incidents in 2012 included in a Verizon Communications study released Monday. The report examined 47,000 security incident reports from Verizon and 18 other organizations, including the Department of Homeland Security’s (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and two of its Computer Emergency Readiness Team units, as well as the U.S. Secret Service. Verizon focused its study on the 621 confirmed data breaches included in those reports, said Jay Jacobs, principal with Verizon Enterprise Solutions’ RISK Team, which writes the annual data breach report. A final version of the report had not been made public at our deadline.

About 75 percent of all the confirmed breaches involved financially motivated cybercrimes, with payment card information being the most-stolen data type, Verizon said in the study. Payment card information has remained the most-stolen data throughout the nine years Verizon has done its data breach study, Jacobs said, noting that ATM skimming is the most frequent type of data breach method noted in the report. An additional 20 percent of the breaches involved state-affiliated espionage, which most often targeted organizations’ internal and system data, as well as trade secrets and credentialing information like passwords. Three percent of the breaches involved “hacktivists,” who cause breaches for ideological or recreational reasons. Hacktivists stole less data in such breaches in 2012 than in past years, instead choosing to engage in distributed denial-of-service attacks and other attacks that paralyze or disrupt systems, Jacobs said. An additional 2 percent of the breaches involved independent actors who conducted the breaches for other reasons, he said.

China topped the list of countries where the breaches originated, at 30 percent. Romania was the origin of 28 percent of the breaches, followed by the U.S. at 18 percent, Bulgaria at 7 percent and Russia at 5 percent. The Netherlands, Armenia, Germany, Colombia and Brazil each were origination points for about 1 percent of the breaches, Verizon said.

China was the top originator of espionage-related breaches “by a long shot,” with 96 percent of all such breaches originating there, Jacobs said. Verizon “tried not to be alarmist” about attributing these incidents to China, he said, saying the authors determined the country of origin based on the types of malware involved in the attacks, the techniques involved, as well as IP address information. Chinese-originated cyberattacks have been a part of the debate over U.S. cybersecurity policy, most recently the Cyber Intelligence Sharing and Protection Act (CD April 19 p6). Concerns about possible Chinese government involvement in such attacks also led the House Judiciary Committee last year to “strongly” recommend the U.S. government and businesses not do business with Chinese telecom equipment manufacturers Huawei and ZTE (CD Oct 10 p3). Most financial cybercrime-related breaches originated in the U.S. or Eastern European nations, most notably Bulgaria, Romania and Russia, Jacobs said.

Data breaches occurred across a diverse range of industries -- 21.7 percent occurred in retail, 12.2 percent in manufacturing, 10.4 percent in information and 9.9 percent each in the food services and professional sectors, Verizon said. Espionage was the main reason for breaches in the manufacturing and professional sectors, while financial cybercrime was involved in most breaches in retail and food services, Verizon said. Those data suggest there’s “no one-size-fits-all” solution the government can employ as it looks to protect critical infrastructure from cyberthreats, Jacobs said.

DHS and the National Institute of Standards and Technology are collaborating with U.S. companies to develop a voluntary cybersecurity framework, a set of standards and best practices, as part of President Barack Obama’s February cybersecurity order (CD Feb 14 p1). “We cannot say that every organization must do this long list,” Jacobs said. “If we mandate a long list of controls, there’s going to be some organizations that are going to be underprotected, even with a long list.” A uniform list of requirements will help the middle group of companies, but it will also cause some companies to overspend on security, and cause others to underspend, Jacobs said. The framework will “need to keep in mind the variety of actors in the landscape, the variety of motivations and things like that,” he said. “It’s pretty important as we prioritize how we spend to protect our infrastructure.”

It’s difficult to compare the results of Verizon’s latest data breach report to those of past reports because the number and diversity of participants increased markedly in the latest report, Jacobs said. Government entities were the main contributors to the report; Australia, Denmark, Ireland, Malaysia, the Netherlands and Spain joined the U.S. in contributing to the report, Verizon said. There were also data from Deloitte and several industry groups, Verizon said. Last year’s report, which used data collected during 2011, found 96 percent of all breaches by external forces were for financial gain, while “almost all” of the breaches caused internally were also for financial gain, Verizon said (http://vz.to/YeMW8L).