1. Breaches are (almost) no longer coming from inside the organisation

It wasn’t that long ago that the common belief (and there were plenty of numbers backing this up) was that a significant portion of breaches stemmed from inside the organisation. Disgruntled employees, opportunistic mutineers, those off to greener pastures grabbing a handful of data on their way out – whatever – but it’s now a very different story:
Who is behind data breaches?

- 98% stemmed from external agents (+6%)
- 4% implicated internal employees (-13%)
- <1% committed by business partners (<>)
- 58% of all data theft tied to activist groups

The report’s commentary alongside those figures: “No big surprise here; outsiders are still dominating the scene of corporate data theft. Organized criminals were up to their typical misdeeds and were behind the majority of breaches in 2011. Activist groups created their fair share of misery and mayhem last year as well—and they stole more data than any other group. Their entrance onto the stage also served to change the landscape somewhat with regard to the motivations behind breaches. While good old-fashioned greed and avarice were still the prime movers, ideological dissent and schadenfreude took a more prominent role across the caseload. As one might expect with such a rise in external attackers, the proportion of insider incidents declined yet again this year to a comparatively scant …”
[Figure: Threat agents over time by percent of breaches]
Oh – and in case you’re wondering why 98% plus 4% plus under 1% adds up to more than 100%, some breaches span both external and internal players. For example, someone external socially engineers someone internal into divulging their credentials. Makes sense now!
2. Hacktivists are becoming seriously bad news

This shouldn’t come as a surprise, but the number above is still alarming; 58% of data theft was tied to individuals purporting to carry out their illegal activities on the basis of some form of activist belief. Frankly, when you look at the demographic of those being caught in the act (frequently teenagers or early 20s), I suspect that whilst these individuals are readily attaching themselves to hacktivist groups such as Anonymous and LulzSec, it’s more about gaining a bit of notoriety and having some lulz than it is about fighting for a cause.
From the report:
“The most significant change we saw in 2011 was the rise of ‘hacktivism’ against larger organizations worldwide.”

Regardless of the motivations of hacktivists, the fact remains that there is a groundswell of individuals out there queuing up to take a shot at just about any website they can get their hands on. They don’t need the financial incentive of true cybercriminals or the political and military goals of nation states; they just need an easy target. Frankly, for website owners, this indiscriminate targeting should be rather worrisome.