Hacktivism skews security trend analysis

Powered by SC Magazine
 

Difficult to make sense of data breach numbers.

The re-emergence of the hacktivist movement appears to have thrown a spanner in the works for those in the InfoSec industry charged with data breach trend analysis.

There has been a series of massive data breaches over the last 16 months - each of which compromised more than a million identities.

During the same time, much smaller incidents occurred in which only a handful of records were stolen.

CQR Consulting chief technology officer Phil Kernick said in July that the Anonymous hacking collective “tend[ed] to find the vulnerable sites first, and justify their actions afterwards”.

The August Symantec Intelligence Report reflected the skewed results in a comparison of the first eight months of this year against the last eight months of 2011, covering what the company said was the revival of the hacktivist AntiSec (anti-security) campaign.

The median number of identities stolen in data breaches had risen some 41 percent since last year, from 4000 per breach to 6800.

“The top five breaches in our 2011 data set all registered in the tens of millions of identities. In 2012, only one breach registered above 10 million,” report author Paul Wood said.

“The reasons for this drastic drop in average number of identities stolen point to the fact that, while the overall number of attacks were about the same, the number of records stolen in the biggest attacks in 2011 was much larger.”

However, the report also found the average number of identities stolen fell from 1,311,629 per breach to 640,169 this year.

“While the overall average number of identities stolen is down, the core number of identities stolen - when accounting for variance - is increasing over time,” Wood said.

But the wild variance in breached records, which skewed results, made it difficult to identify trends, he said.

The study found that while attacks decreased, the number of breaches plateaued. There were on average 16.5 breaches per month in 2011 compared to 14 this year.

Wood speculated that the drop in the size of breaches could indicate enterprises had shored up information security following the large breaches of last year, or that hackers were targeting smaller organisations that hold more sensitive data.

Retail businesses suffered the highest number of identities (40 percent) extracted per breach this year, ahead of telecommunications (15 percent) and computer software (13 percent).

However, the health care sector endured the most breaches (34.1 percent), followed by computer software (14.3 percent) and education (11 percent).

The report has been posted online (pdf).

Copyright © SC Magazine, Australia

