NEWSBYTE: SMEs and healthcare organisations are the biggest targets of hackers and organised criminals, according to Verizon, with personal, medical, and financial data firmly in their sights.
The communications giant has published its 11th annual data breach investigations report. The 68-page document details all of the different types of data security incidents and breaches that took place last year.
It finds that 73 percent of breaches were perpetrated by outsiders, with 50 percent carried out by criminal groups, 28 percent by internal actors, and 12 percent by hostile states or affiliated organisations. Two percent originated at partner organisations, according to the report.
Personal data was the biggest target of attacks, followed by payment details, private medical records, and personal or business credentials.
Nearly 50 percent of all incidents involved hacking, 30 percent included malware, 17 percent were triggered by errors, and a further 17 percent were social attacks. In addition, 12 percent of breaches or incidents involved privilege misuse, and 11 percent were caused by physical actions.
Seventy-six percent of all incidents were financially motivated, says Verizon, with 13 percent motivated by the potential gain of strategic advantage (espionage).
The report reveals that 24 percent of breaches affected healthcare organisations, 15 percent involved accommodation or food services, and 14 percent hit public sector organisations. However, by far the biggest targets – at 58 percent of all breaches – were SMEs.
Alongside the troubling focus on healthcare organisations – and private medical data – and the overwhelming impact on smaller businesses, the report reveals that 68 percent of breaches took months, or even longer, to discover.
However, by far the largest type of incident – including attempted breaches – remains Denial of Service (DoS): Verizon logged over 21,400 such attacks last year. In terms of successful breaches, 399 involved stolen (hacked) credentials, while over 300 involved RAM-scraping malware, with phishing and privilege abuse not far behind.
Within organisations, the biggest targets were databases, followed by POS servers, POS controllers, and Web apps.