Verizon reports that Web attacks, cyber-spying and point-of-sale hacking incidents were the leading IT security concerns of businesses in 2013. The findings do not come as a surprise given the ample cases of breaches last year.
Naturally, most of these varied attacks have been prompted by ideological interests and financial gains. In 2013, there was a rise in the compromise of credit and debit cards, representing 422 breach incidents, according to Verizon’s data.
It also turns out that hackers have grown more adept and faster at performing the attacks than organizations could respond to these threats. In other words, enterprises are lagging behind in deploying quick security controls, which underscores the importance of implementing and upgrading cybersecurity systems.
Attackers always begin by identifying potential targets on the Web and then launch automated attacks that only take a short period of time to complete. On the contrary, organizations could take months or years before detecting the attacks. One recent example to this is the Target breach, which had 40 million credit and debit cards data stolen, and it took several weeks before the event was spotted.
Web application attacks accounted for 35 percent of breaches in 2013. The attacks came in the form of hacktivism, a case where hackers launch attacks for political reasons, and also hackers who find incentives in compromising networks to scrape sensitive data. This usually hits government agency websites or content management sites.
Websites of financial institutions such as banks have been the constant victims of phishing and other attacks to steal financial data, exploiting vulnerabilities in SQL or Java scripts to inject malicious codes.
What is more interesting in Verizon’s report is that it shows these attacks are first detected not by the victim organizations themselves but by customers and third-party researchers. It only means most businesses have lax security measures in place, thus a dire need for boosting the infrastructure must be observed.
The second most worrying IT threat is cyber-espionage (11 percent), where state-sponsored hackers are usually the culprit. We have seen this in the recent discovery of government surveillance programs, most notably the Edward Snowden leak. Fortunately, we have also seen large Internet companies scrambling to encrypt their networks to address the spying.
Attacks through points of sale have also contributed to the threats against networks in 2013. It mostly affected small to medium sized companies and is done through RAM-scraping malware tools that snoop on random access memory transactions, where data are not yet encrypted, to steal information for financial gains.
Verizon’s report highlights the risks faced by various industries and what they must do to respond to threats and attacks.