Tuesday, April 16, 2013
2012 sees major increase in data breaches, study finds
Over the past few years, there has been an observable trend of organizations paying closer attention to the issue of data protection. High profile breaches and growing recognition of the costs of data loss, theft and exposure have caused companies of all sizes and industries to develop strategies and invest in tools to minimize their risk of becoming victims of such incidents.
However, as a recent study revealed, companies' data protection efforts may not be keeping pace with the growing number and sophistication of threats, as 2012 saw a major increase in data breaches.
A bad year for data protection
IBM's X-Force 2012 Year-End Trend and Risk Report identified 1,502 events in which companies reported the loss of corporate data due to a leak or breach in 2012. This is a nearly 40 percent increase over 2011, when IBM identified 1,088 of these incidents.
"In 2012, near daily leaks of private information about victims were announced like game scoreboards through tweets and other social media," IBM researchers noted in the report."Personal details, such as email addresses, passwords (both encrypted and clear text) and even national ID numbers were put on public display."
The study noted that denial of service (DDoS) attacks were particularly prevalent in 2012, but they were by no means the only tactics used by hackers and other cybercrimnals to steal corporate information.
Leslie Horacek, writing for the IBM Internet Security Systems blog, noted that attacks tended to demonstrate greater sophistication in terms of how they were performed, rather than the technology enabling these efforts.
"While media headlines are dominated by the achievements of advanced tactics used to breach high-profile organizations, more often than not, these efforts follow a path of least resistance and rely on simpler, tried-and-true methods rather than zero-day attacks and sophisticated malware," she explained.
According to the writer, these operational advancements have allowed cyberattackers to enjoy a greater return on exploit development than in past years.
The problems companies have experienced with data loss are likely to continue, and even grow, in the foreseeable future as data becomes both more prevalent and critical for firms' operations. Notably, big data analytics has firmly entered the mainstream as firms increasingly come to acknowledge the value to be gained from previously unusable unstructured data sets. Cybercriminals are also becoming aware of the value to be gained from big data sets, and are targeting this resource with greater intensity and frequency.
These data points and identifiable trends all suggest that firms must become more cautious and proactive when it comes to protecting their data. For example, companies should consider investing in secure file transfer solutions that can guarantee the integrity of big data sets as they are transferred through and between organizations. By doing so, firms can reduce their vulnerabilities, making themselves less viable targets for hackers and cyberattackers.