The cyber world has become increasingly dangerous as more organizations migrate sensitive information to virtual environments in the hopes of improving agility and efficiency while reducing cost. Unfortunately, cybercriminals have also matured, changed tactics and are targeting this information with new intentions. According to Verizon's annual study, 2011 was the year when hactivists, or cyber political protesters, invaded the Internet and endangered mission-critical data.
In its 2012 Data Breach Investigations Report, Verizon found that 58 percent of stolen data in 2011 was attributed to hactivism activities, compared to the past several years when cybercriminals operated primarily for financial gain. The information these outsiders were after last year also changed, as 98 percent of attacks in 2011 targeted personally identifiable information, compared to only 1 percent that did so in 2010.
Additionally, the study found that the majority of incidents could have been avoided if the company had taken simple data protection steps. Ninety-seven percent of all data breaches in 2011 were preventable and 96 percent were simple in nature, as many of the cybercriminals did not have sophisticated hacking skills or tools. External breaches committed by past employees, activist groups, organized criminals and other outsiders accounted for 98 percent of all incidents, while insider events decreased slightly, according to Verizon.
The number of countries plagued by these outsiders in 2011 also dramatically increased from 2010. According to the report, 36 countries experienced data security breaches last year, compared to only 22 in the prior study. This suggests that the incidents have become global phenomenon that all companies need to address.
"The report demonstrates that unfortunately, many organizations are still not getting the message about the steps they can take to prevent data breaches," Verizon director of risk intelligence Wade Baker said.
Enterprises, for example, should eliminate non-mission-critical information after it is no longer needed. Meanwhile, all sensitive records should have adequate protection in place to support them, Verizon noted.
Large corporations also need to assess their threat landscape and tailor data security practices to their specific industry. A common way to prevent outsiders from accessing sensitive information is to take a layered approach, which stacks different types of security to make the network nearly impenetrable, according to a report by BreakingPoint Systems. While organizations won't be able to prevent 100 percent of all breaches, they can significantly improve their ability to block outsiders from getting onto their networks.
Although big companies represented a large portion of all data breaches in 2011, smaller firms have also been targeted because of the perception that they have weaker security systems. One of the first things that small and medium-sized businesses should do is implement a firewall to prevent unauthorized individuals from reaching sensitive information. SMBs should also change the default passwords and logins that come with new point-of-sale and other systems used to acquire data, Verizon asserted.
One of the best ways for smaller firms to improve security is to train employees. By establishing basic practices that all workers need to follow, as well as setting clear penalties for violating these principles, decision-makers can significantly reduce the chances of data breaches from happening, according to a report by the Federal Communications Commission (FCC).
Additionally, IT departments should download and install software updates as soon as they become available, the FCC said. These will often come with improved data security solutions and make the network less vulnerable to attack.
Verizon noted in its report that the most effective method to protect against cybercrime is by increasing awareness among all businesses. Education and training are vital to keeping sensitive information safe and out of the hands of cybercriminals and hactivists.
Data Security News from SimplySecurity.com by Trend Micro