Cyber attacks are on the rise, with several recent high-profile examples. Indeed, 2012 broke the previous record in terms of the number of reported data loss incidents. With 2,644 incidents recorded through mid-January 2013, 2012 more than doubled the previous highest year on record (2011). Furthermore, the extent of attacks is likely to be far higher since around 20 percent of reported incidents did not disclose the number of records involved (1).
Cyber risks can result in significant financial loss and reputational damage to an organization. The threat is multifaceted, varying from disgruntled or negligent insiders to external hacking (ranging from individuals and small groups to state-sponsored activity). The recent Verizon Security Consultants 2013 Data Breach Investigations Report gave some insight into this area of risk in the United States. From a sample of 621 breaches, external attacks remained responsible for most data breaches, with 92 percent of them attributable to external agents. Fourteen percent implicated insiders while business partners were responsible for about one percent of data breaches.
In terms of attack methods, 92 percent used some form of hacking or malware and 29 percent leveraged social tactics. Two-thirds of all breaches took months or more to discover and 96 percent of all initial attacks were not highly difficult to execute.
In addition, the past decade has seen hackers evolve from maladjusted teenagers intent on vandalizing websites or disrupting networks to individuals and groups motivated by commercial gain, and to state-sponsored groups seeking to steal intellectual property and/or to disrupt the infrastructure of rivals or enemies.
(1) Data Breach QuickView - Risk Based Security and Open Security Foundation (February 2013).