"The bad guys are winning," according to Verizon's 2014 Data Breach Investigations Report (DBIR) and its lead author, Wade Baker; the report says there's a large increase in cyber crime. But somehow that's not all bad news?
According to the authors, this year more than 63,000 security incidents were analyzed, but the high figure shouldn't be too intimidating:
The dataset that underpins the DBIR is comprised of over 63,000 confirmed security incidents — yep, over Sixty-Three Thousand. That rather intimidating number is a by-product of another shift in philosophy with this year’s report; we are no longer restricting our analysis only to confirmed data breaches. This evolution of the DBIR reflects the experience of many security practitioners and executives who know that an incident needn’t result in data exfiltration for it to have a significant impact on the targeted business.
Of these 63,000 incidents, just 1,367 were confirmed data breaches affecting 95 countries.
The report, which has been compiled by Verizon's security arm every year for the last decade, finds that 97 percent of crimes fall into nine categories of security breaches, including point of sales intrusions, web app attacks, cyber espionage, insider misuse, card skimmers, DoS attacks, crimeware, miscellaneous errors and physical theft.
According to the DBIR, point of sale, or PoS, intrusions have actually gone down since 2011, falling from 31 percent of all breaches to 14 percent. This means that shoppers' information is less likely to be accessed when they make their purchases, which should be somewhat comforting. (However, Target's massive breach last winter, probably the biggest of the year, was essentially a point of sale attack.)
The report also breaks down which industries are most vulnerable to which types of theft:
While fraud and financial motivations still tend to dominate the spectrum of reasons behind cyber crime, believe it or not, they declined as a proportion of the whole in 2013. Meanwhile, attempts to steal intellectual property rose, Jacobs said. “It’s not all about money anymore but who has the intellectual property,” he said.
Hesseldahl notes that these are often inside jobs, crimes perpetrated by company employees stealing proprietary information to set up a rival business. Web app hacking is also on the rise, but 65 percent of those are motivated by "ideology/fun."
Concerningly, cybercrime is also on the rise against countries -- especially the U.S. -- in the form of online espionage. Espionage-related hacking was traced back to Chinese and East Asian residents in 49 percent of cases, but Eastern European hackers are gaining ground, launching about one-fifth of overall espionage attacks in 2013. And, to make matters worse, hackers are able to access data faster than in previous years. The report authors note that though more cases of espionage were catalogued in the latest DBIR, this could just be because Verizon looked at more data sources in the most recent report.
Though the report is something of a mixed bag, Baker warns that the threat of cybercrime is increasing overall. "After analyzing 10 years of data, we realize most organizations cannot keep up with cybercrime – and the bad guys are winning," he said, but added that "by applying big data analytics to security risk management, we can begin to bend the curve and combat cybercrime more effectively and strategically." The authors offer basic protections for individuals and companies, some of them as simple as using two-step verification and keeping your system up to date.
This article is from the archive of our partner The Wire.