Verizon just released their 2013 Data Breach Investigations Report (DBIR).  It draws data from work done by several law enforcement agencies, incident-reporting groups, research institutions, and private security firms. It studies over 2,500 confirmed data breaches (representing more than 1 billion records).

Some observations from the report for all company sizes:

• 75% of attacks were opportunistic, ie a specific company or individual was not directly targeted
• Attackers consisted of activists, criminals, & spies
• Of the cases of insider sabotage, 50% came from old accounts or back doors that had not been disabled
• The vast majority of attacks (68%) were considered “Low” difficulty (meaning basic attack methods with little or no customization required)
•  ‘Unapproved’ hardware accounted for 41% of misuse
• It is taking longer to discover breaches, up 10% from 2012.  This means that the bad guy can operate at will for longer periods of time.

Some observations for small and medium sized businesses (employee count < 1000):

• In companies less than 100 in size, retail had an exceptionally large exposure, followed by food services companies
• 57% of attacks were from organized crime and 20% were state-affiliated
• 72% of attacks were from hacking, 54% from malware, and 32% from social media
• In 86% of the attacks, spyware or keyloggers were installed as a part of the attack
• SMB’s are at higher risk for ransomware schemes
• Desktop sharing was primary attack vector for hacking attacks for SMB’s
• Email was primary vector for social attacks
• Unapproved hardware contributed to misuse in 52% of cases in small & medium sized companies (compared with only 22% of large companies)
• Point of Sale devices most often attacked information asset for SMB’s

2013 Data Breach Investigations Report

Executive Summary