23 Apr 2013 Dave Hylender
2012. Perhaps more so than any other year, the large scale and diverse nature of data breaches and other network attacks took center stage. But rather than a synchronized chorus making its debut on New Year’s Eve, we witnessed separate, ongoing movements that seemed to come together in full crescendo throughout the year. And from pubs to public agencies, mom-and-pops to multi-nationals, nobody was immune. As a result—perhaps agitated by ancient Mayan doomsday predictions—a growing segment of the security community adopted an “assume you’re breached” mentality.
Motives for these attacks appear equally diverse. Money-minded miscreants continued to cash in on low-hanging fruit from any tree within reach. Bolder bandits took aim at better-defended targets in hopes of bigger hauls. Activist groups DoS’d and hacked under the very different—and sometimes blurred—banners of personal ideology and just-for-the-fun-of-it lulz. And, as a growing list of victims shared their stories, clandestine activity attributed to state-affiliated actors stirred international intrigue.
All in all, 2012 reminded us that breaches are a multi-faceted problem, and any one-dimensional attempt to describe them fails to adequately capture their complexity. Shaping the many threads into a coherent story that did the dataset justice was probably the most challenging aspect of this year’s report. As we dug in, we noticed a very strong correlation between the motives and methods of different varieties of threat actors, and decided to relay our findings through that lens.
We continue to learn a great deal from this ongoing study, and we’re glad to have the opportunity once again to share these findings with you. We really appreciate you taking the time to read it. You may access the full report at http://www.verizonenterprise.com/DBIR/2013/