 "Hackers Going For Quality, Not Quantity Of Data")
Marketers strategise by choosing a select market, so that they can maximise their output. Likewise cyber criminals are following similar footsteps. The Symantec Intelligence Report, August, 2012 has found that cyber attackers are becoming more selective about their targets and moving away from a generic approach of reaching out to the masses.
At first glance it appears that attacks are down—while the overall number of breaches stayed about the same, the average number of identities stolen per breach is down by almost half.
A data breach i.e. the accidental or unauthorised release of private information, is a serious issue for any organisation. The exposure of customer data can lead to a significant loss of a user’s confidence in the organisation. Additionally, the organisation could find itself violating data privacy laws or on the receiving end of a lawsuit created by its users. According to Symantec’s Cost of Data Breach Report 2012 on average, it costs Indian organisations Rs. 2,105 for each lost or stolen record.
In the last eight months of 2011 the average number of identities stolen was 1,311,629 per data breach (globally). So far in 2012, this number is down to 640,169 identities per breach—that’s a drop of more than half. The reasons for this drastic drop in average number identities stolen point out that, while the overall number of attacks where about the same, there number of records stolen in the biggest attacks in 2011 was much larger. It clearly suggests that hackers aren’t going after the largest data breaches they can pull off, but rather smaller breaches that contain more sensitive information. We may not see the sheer numbers of attacks per month like we did in our 2011 data set, but that doesn’t mean that the threat has passed.
Cyber criminals have also realised that by being selective with their breaches there is low risk of being traced, less time consumed and a higher chance of being successful.
Looking at the following numbers, it appears that the number of identities stolen in each breach is up.
The average number of breaches per month was 16.5 in our 2011 data set, while in 2012 this number dropped to 14
In the last eight months of 2011 the average number of identities stolen was 1,311,629 per data breach. So far in 2012, this number is down to 640,169 identities per breach—that’s a drop of more than half
The top five breaches in our 2011 data set all registered in the tens of millions of identities. In 2012, only one breach registered above 10 million
The median of identities stolen in 2012 is 6,800 per breach. That’s 41 percent higher than the previous eight months, at 4,000 per breach
A whopping 88 percent of all identities stolen in data breaches during 2012 have been the result of hackers. The same was true for our 2011 data set, though the number for has grown—up 14 percent from 74 percent in May through December of 2011
Roughly 1 out of every 5 breaches was caused by the accidental exposure of data
The Symantec Intelligence report provides the latest analysis of cyber security threats, trends, and insights from the Symantec Intelligence team concerning malware, spam, and other potentially harmful business risks. The data used to compile the analysis for the August 2012 report includes data from January through August 2012.