After lurking in the shadows for the first ten months of 2013, cybercriminals unleashed the most damaging series of cyberattacks in history. Symantec Corp.’s Internet Security Threat Report (ISTR), Volume 19, shows a significant shift in cybercriminal behaviour, revealing the bad guys are plotting for months before pulling off huge heists – instead of executing quick hits with smaller rewards.
“One mega breach can be worth 50 smaller attacks,” said Kevin Haley, director, Symantec Security Response. “While the level of sophistication continues to grow among attackers, what was surprising last year was their willingness to be a lot more patient – waiting to strike until the reward is bigger and better.”
In 2013, there was a 62 percent increase in the number of data breaches from the previous year, resulting in more than 552 million identities exposed – proving cybercrime remains a real and damaging threat to consumers and businesses alike.
“Security incidents, managed well, can actually enhance customer perceptions of a company; managed poorly, they can be devastating,” wrote Ed Ferrara, VP and principal analyst, Forrester Research. “If customers lose trust in a company because of the way the business handles personal data and privacy, they will easily take their business elsewhere.”
The size and scope of breaches is exploding, putting the trust and reputation of businesses at risk, and increasingly compromising consumers’ personal information – from credit card numbers and medical records to passwords and bank account details. Each of the eight top data breaches in 2013 resulted in the loss of tens of millions of data records. By comparison, 2012 only had a single data breach reach that threshold.
“Symantec’s Internet Security Threat Report demonstrates that on the internet everything is interconnected. Other people’s actions can impact our personal information. We all need to be vigilant and manage our own security and privacy,” says Martin Cocker, Netsafe executive director.
“Nothing breeds success like success – especially if you’re a cybercriminal,” said Haley. “The potential for huge paydays means large-scale attacks are here to stay. Companies of all sizes need to re-examine, re-think and possibly re-architect their security posture.”
Targeted attacks were up 91 percent and lasted an average of three times longer compared to 2012. Personal assistants and those working in public relations were the two most targeted professions – cybercriminals use them as a stepping stone toward higher-profile targets like celebrities or business executives.
The Internet Security Threat Report provides an overview and analysis of the year in global threat activity. The report is based on data from Symantec’s Global Intelligence Network, which Symantec analysts use to identify, analyse, and provide commentary on emerging trends in attacks, malicious code activity, phishing, and spam.