This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

State-affiliated espionage statistics highlight threat of attacks and data breaches

Share this article:
State-affiliated espionage statistics highlight threat of attacks and data breaches
State-affiliated espionage statistics highlight threat of attacks and data breaches

The reality of state-affiliated espionage dominates this year's Data Breach Investigations Report from Verizon.

Drawing on data from 47,000 instances and from 621 confirmed data breaches, the report now considers state-sponsored hacking to be a serious matter, with state-affiliated espionage campaigns accounting for 20 per cent of all breaches in comparison with cyber crime, which accounts for 75 per cent of breaches.

The 60-page report also found that the amount of data stolen has decreased, while 92 per cent of data breaches were attributable to outsiders, and 14 per cent committed by insiders.

Chris Porter, managing principal at Verizon, told SC Magazine that this was not really a surprise, as year-on-year it was much the same. He said: “One of the things I believe is that insider statistics are higher than what we have here; if you look at a data breach a lot of the time an organisation doesn't know what happened if it wasn't for third parties letting them know.

“With an insider there is no easy way to find them and no fraud algorithm to identify this and if you catch the person, you don't call the police and don't have forensics to know what happened, and that is why this has showed up in the data set.

“If insiders are involved, it is usually for a lost laptop of mis-delivery of an email. This is more down to error.”

Porter said that in this year's report, there was not one standout statistic, as it had looked at large and small businesses and what was new was the espionage factor, and that was where the attacks showed up.

He said: “Espionage actors come from different locations and go after different assets, and we are seeing a clear difference between spyware and state-affiliated espionage. We wanted to shine a light on this and show the data on this.”

The report discovered that in terms of attack methods, hacking was the number one way for breaches to occur, with hacking a factor in 52 per cent of data breaches and 76 per cent of network intrusions exploiting weak or stolen credentials. Porter said: “With organised crime we call it a ‘smash and grab' where the attacker looks for open remote servers and brute force attacks on credentials.”

Also, the compromise-to-discovery timeline continues to be measured in months and even years, as opposed to hours and days. This year found that the number of breaches that remain undiscovered for months or more rose from 55 per cent in 2011 to 66 per cent in 2012, while discovery time was months for 62 per cent of respondents.

Porter said that people need to be able to identify that something has happened, and be able to react to it, and this requires having an incident response in place.”

Asked why there was such a strong focus on state-affiliated espionage campaigns, Porter said that there was no real decision to focus on this, it was just that the data was so strong, as the data set changes year-on-year.

Despite high-profile reports by companies such as Mandiant on APT1 and Kaspersky Lab on Flame and Red October, Porter said that state-affiliated espionage is "not a new problem", just that there was greater visibility on the issues.

“We got data at the time of the Mandiant report and did not take an alarmist tone, as we did not want to spread fear, uncertainty and doubt as this is not a new problem, it is just that we had data on it,” he said.

Wade Baker, principal author of the Data Breach Investigations Report series, said: “The bottom line is that unfortunately, no organisation is immune to a data breach in this day and age. We have the tools today to combat cyber crime, but it's really all about selecting the right ones and using them in the right way.

“In other words, understand your adversary – know their motives and methods, and prepare your defences accordingly and always keep your guard up.”

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Password recovery made too easy

Password recovery made too easy

A senior malware analyst has slammed the availability of a `password recovery' utility from Freehostia, noting that the software actually uses network admin utilities to take credentials from the users' ...

Belgacom says alleged GCHQ APT attack cost firm £12 million

Belgacom says alleged GCHQ APT attack cost firm ...

One year on from a nation-state APT which 124 systems at telecom operator Belgacom and the firm has detailed the cost and manpower involved in the clean-up operation.

CryptoWall compromises 40,000 UK citizens

CryptoWall compromises 40,000 UK citizens

Research just published claims to show that ransomware - in the shape of CryptoWall - is still generating healthy volumes of income for the cyber-criminals behind the code.