Verizon: Hacktivists stole 100 million+ records in 2011
Hacktivists emerge as a big threat in 2011, targeting large organizations and stealing more records than financially motivated criminals, report finds.
While more than 80 percent of the data breaches in 2011 were due to organized criminal activity, the number of records pilfered from activist groups represented 58 percent of the total, the report finds.
In particular, hacktivists targeted corporations and big agencies, and consumer data. Activist groups accounted for more than 22 percent of the data breaches targeting large organizations. Meanwhile, 95 percent of the records compromised last year included personal information about individuals, compared with only 1 percent the year before, Verizon said.
Financially motivated cyberthieves tend to do more breaches in total than hacktivists, but grab smaller amounts of data at a time and target smaller organizations that are low-hanging fruit, according to the report.
"This new trend contrasts sharply with the data breach pattern of the past several years in which most of the data was stolen by cybercriminals whose primary motivation is financial gain," said Wade Baker, Verizon's director of risk intelligence.
In total, there were 855 data breaches across 174 million stolen records, representing the second highest data loss Verizon researchers have seen since they began compiling data in 2004. More than 80 percent used hacking, nearly 70 percent incorporated malware, and only 7 percent used social tactics.
The Ponemon Institute and Symantec released a report yesterday that found that the average total cost of a data breach last year dropped to $5.5 million from $7.2 million a year earlier. Per record, the cost dropped to $194. "It's not a huge difference, but it's not chump change either when you add up the records," said Larry Ponemon, chairman and founder of the Ponemon Institute.
Lost business costs from a breach declined 34 percent to $3 million, which includes abnormal turnover of customers, or churn, increased customer acquisition activities, reputation losses, and diminished goodwill. The average abnormal churn rate was down 18 percent. Meanwhile, malicious attacks represented 37 percent of all data breaches, negligent insiders caused 39 percent of the cases, and system glitches were attributed in 24 percent, according to Ponemon.
Not surprisingly, organizations that have a chief information security officer had lower costs for data breaches. "It is a signal that the organization has got its act together from a governance perspective and are more likely to be able to deal with a breach from a regulatory and controls standpoint," Ponemon said.