Verizon just released their 2013 Data Breach Investigations Report (DBIR). It draws data from work done by several law enforcement agencies, incident-reporting groups, research institutions, and private security firms. It studies over 2,500 confirmed data breaches (representing more than 1 billion records).
Some observations from the report for all company sizes:
- 75% of attacks were opportunistic, i.e. a specific company or individual was not directly targeted
- Attackers consisted of activists, criminals, and spies
- Of the cases of insider sabotage, 50% came from old accounts or back doors that had not been disabled
- The vast majority of attacks (68%) were considered “Low” difficulty (meaning basic attack methods with little or no customization required)
- ‘Unapproved’ hardware accounted for 41% of misuse
- It is taking longer to discover breaches, up 10% from 2012, which means an attacker can operate undetected inside a network for longer periods of time.
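The insider-sabotage finding above (half of the cases traced back to old accounts or back doors that were never disabled) is the most directly actionable item in the list. The following is an added example, not code from the report or from this post, showing the kind of dormant-account check a small IT team can run against an export of its user directory. The account records, the staff roster, the 90-day idle threshold and the `svc_` naming convention for service accounts are all constructed assumptions; in practice the records would come from the identity provider, Active Directory's lastLogonTimestamp, or `lastlog` on Unix hosts.

```python
"""Flag enabled accounts that should already have been disabled: accounts
whose owner is no longer on the staff roster, accounts never used since
creation, and accounts idle past a threshold.  Hypothetical example with
constructed data; not taken from any real system or from the DBIR."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Iterable, Optional, Set


@dataclass
class Account:
    username: str
    enabled: bool
    last_login: Optional[datetime]  # None means the account has never logged in
    created: datetime


# Constructed sample data (assumed, for illustration only).
NOW = datetime(2013, 5, 1, tzinfo=timezone.utc)
ACCOUNTS = [
    Account("alice", True, NOW - timedelta(days=2), NOW - timedelta(days=900)),
    # bob left the company months ago but his account was never disabled
    Account("bob", True, NOW - timedelta(days=210), NOW - timedelta(days=800)),
    # service account created long ago and never used: a likely forgotten back door
    Account("svc_backup", True, None, NOW - timedelta(days=400)),
    # carol's account is already disabled, so it is not a finding
    Account("carol", False, NOW - timedelta(days=500), NOW - timedelta(days=700)),
    # dave is a new hire who has not logged in yet; still inside the grace period
    Account("dave", True, None, NOW - timedelta(days=10)),
]
# Constructed HR roster of people currently employed.
CURRENT_STAFF = {"alice", "carol", "dave"}


def find_dormant_accounts(accounts: Iterable[Account], staff: Set[str],
                          now: datetime = NOW, max_idle_days: int = 90,
                          grace_days: int = 30) -> Dict[str, str]:
    """Return {username: reason} for every enabled account that should be disabled.

    Rules (assumed policy, adjust to your environment):
      * an enabled account whose owner is not on the staff roster is a leaver
        whose access was never revoked (service accounts, prefixed 'svc_' here,
        are exempt from the roster check but still subject to idle checks);
      * an account that has never logged in gets grace_days after creation,
        after which it counts as dormant;
      * any other account idle for more than max_idle_days is dormant.
    """
    findings: Dict[str, str] = {}
    for acct in accounts:
        if not acct.enabled:
            continue  # already disabled, nothing to do
        is_service = acct.username.startswith("svc_")
        if not is_service and acct.username not in staff:
            findings[acct.username] = "owner not on current staff roster"
            continue
        if acct.last_login is None:
            if now - acct.created > timedelta(days=grace_days):
                findings[acct.username] = "never logged in since creation"
            continue
        idle = now - acct.last_login
        if idle > timedelta(days=max_idle_days):
            findings[acct.username] = f"idle for {idle.days} days"
    return findings


if __name__ == "__main__":
    for user, reason in sorted(find_dormant_accounts(ACCOUNTS, CURRENT_STAFF).items()):
        print(f"DISABLE {user}: {reason}")
```

Run against the constructed data this flags `bob` (still enabled after leaving) and `svc_backup` (never used in 400 days), while leaving the new hire and the already-disabled account alone. The roster comparison is the piece most shops skip, and it is the one that catches exactly the stale accounts the report attributes half of insider sabotage to.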
Some observations for small and medium sized businesses (employee count < 1000):
- In companies with fewer than 100 employees, retail had an exceptionally large exposure, followed by food services companies
- 57% of attacks were from organized crime and 20% were state-affiliated
- 72% of attacks involved hacking, 54% malware, and 32% social tactics (social engineering such as phishing)
- In 86% of the attacks, spyware or keyloggers were installed as a part of the attack
- SMBs are at higher risk for ransomware schemes
- Desktop sharing (remote-access software) was the primary attack vector for hacking attacks on SMBs
- Email was the primary vector for social attacks
- Unapproved hardware contributed to misuse in 52% of cases in small and medium sized companies (compared with only 22% of cases in large companies)
- Point-of-sale devices were the most often attacked information asset for SMBs
2013 Data Breach Investigations Report