Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Data breaches on the rise as attacks get more complex

Hamish Barwick | April 24, 2014
There were 1361 confirmed data breaches reported worldwide in the first calendar quarter of 2014, up 119 per cent on the 621 breaches during the same period last year, according to Verizon.

There were 1361 confirmed data breaches reported worldwide in the first calendar quarter of 2014, up 119 per cent on the 621 breaches during the same period last year, according to Verizon.

The networking firm's 2014 Data Breach Investigations Report also found that there were over 63,000 security incidents during the quarter, up from 47,000 a year earlier.

Verizon Australia senior solutions consultant Aaron Sharpe said the reason data breaches have "got worse" since last year is that the types of breaches and sophistication of these attacks has become more "complex and extensive."

For example, a pattern which the vendor has labelled crimeware has emerged. Crimeware brings together Web loggers, distributed denial of service (DDoS) attacks and spamming to target companies for financial gain, he said.

"The primary goal of crimeware is to gain control of systems as a platform for stealing credentials, launching distributed denial of service (DDoS) attacks or spamming. When Web loggers and other software is chained together, it can lead to a breach or security incidence."

According to the Verizon report, there were 12,535 reported incidents of crimeware globally.

Sharpe said organisations should keep anti-virus software and Web browsers up to date and consider implementing configuration change monitoring to reduce their risk.

Meanwhile, there were 16,554 incidents due to miscellaneous errors, the majority of these were due to human error such as people sending sensitive emails or documents to the wrong person. Another common mistake was posting private information to a public folder or even an external website.

He recommended that organisations consider implementing data loss prevention software to reduce instances of sensitive documents getting sent by email.

"People should also tighten up processes around posting documents to internal and external websites and scan the Web for non-public data," he added.

Insider and privilege misuse was also a big trend with 11,698 incidents reported.

Sharpe said this misuse can be caused by system administrators or people from outside who are paying off staff that have access to key information.

"It could also be an employee who is ticked off or angry with the organisation and wants to cause some damage."

The corporate local area network (LAN) was used to steal information in 85 per cent of reported cases, the report said. Top targets including the public sector, real estate, transportation, manufacturing and mining companies.

Sharpe recommended that companies and government agencies review user accounts.

"Having identified who has access to sensitive data, implement a process for revoking access when employees give notice or are dismissed. IT staff should also set up controls or watch for data transfer out of the organisation."

Lost and stolen assets, such as laptops accidently left at airports, continued to be a problem for organisations with 9704 cases reported globally. The report suggested that organisations should encrypt devices.

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.