Financial gain motivates most cyber-attackers – Verizon report

23 Apr 2013

Fewer than one in five breaches were carried out by state-sponsored actors as financial gain remains the biggest motivator for attackers, a major new security report has found.

The 2013 Verizon Data Breach Investigations Report (DBIR) gathers data from a range of sources: 19 organisations worldwide comprising national cyber incident reporting groups, law enforcement agencies, a research body and forensic services firms.

The document includes analysis of more than 47,000 security incidents and the study of 621 confirmed data breaches.

Considered one of the more reliable cybercrime surveys, the 2013 edition uncovered findings which challenge conventional thinking about the nature of current cyber threats and where the real risk lies for many businesses.

It found 75pc of attacks are opportunistic: that is, not targeted at a specific individual or company. Most of these were financially motivated.

Just 19pc of all attacks analysed in the 2013 report were perpetrated by state-affiliated actors – the kind of espionage that was outlined in a widely reported and controversial study by the security firm Mandiant in February.

“In most industries, you’re still much more likely to suffer an attack motivated by financial gain or revenge than espionage. Even in the industries most likely to be targeted, the likelihood of an espionage attack is still relatively low,” the report said.

Security budget spending

The DBIR also questioned whether organisations are spending their security budgets on the most appropriate protection for the systems they have. Two-thirds of breaches involved data ‘at rest’ in databases and on file servers, and the rest involved data that was being processed when it was compromised. “Does the balance of your security efforts reflect that?” the report asked.

Many organisations take months to discover whether they have been breached at all: in 62pc of cases discovery took months, and in 4pc of cases a breach went undetected for more than a year.

IRISSCERT, the Irish security incident response team, provided Verizon with statistics on incidents it observed in Ireland during 2012. It’s the second year in a row that the non-profit group has contributed to the report.

Some of the more prominent incidents recorded by IRISSCERT last year related to ransomware, where criminals hijack a company’s information on its systems and demand payment to decrypt it.

Brian Honan, head of IRISSCERT, commented: “One of the big problems organisations face in the area of information security is the lack of sharing of information about threats and attacks. Without knowing how criminals are breaching the security of other organisations many security professionals do not know where they could be best focusing their efforts. Verizon’s DBIR provides a platform for such information to be shared anonymously so that all can learn from it.”

Gordon Smith was a contributor to Silicon Republic