In April of 2011, the Verizon RISK team, the US Secret Service and the Dutch High Tech Crime unit released the latest version of the Data Breach Investigations report. It is the culmination of a year long study defining types, methods and characteristics of cybercrime.
According to the latest reports, 92 percent of data breaches came from external sources resulting in the loss of over 4 million records. Some of the characteristics of this type of cybercrime are that attacks were on targets of opportunity and the technical level of the hack was not high. As a result, the report determines that 96 percent of the breaches were avoidable using basic security controls.
Organized criminal groups, often from Eastern Europe, composed 58 percent of the external threats reported by Verizon and the Secret Service. The report speculates that economies of scale allow well-funded groups to establish automated and repeatable attacks against vulnerable targets. Another 40 percent of attacks were from "unaffiliated person(s)" who may fall into the class of attacker often known as the "script kiddie" or other hacker.
Cybercrime also comes from the inside of an organization. The Breach Report classifies the insider threats as deliberate and malicious, inappropriate but not malicious, and unintentional. Insiders are trusted people within a network who already have some level of access to sensitive or confidential data and records.
Nearly 17 percent of all records lost were due to insider activity and 12 percent of those were caused by executives, system administrators or developers. The total numbers are down from last year's report but still represent a significant number of records lost.
Finance and accounting staff members with access to sensitive financial information, executives and upper management with access to strategic level documents and data provide ample opportunity for intellectual property to leak out of an organization and into the wrong hands.
The number one method of getting access to data was hacking. Hacking by either organized crime or unaffiliated hackers involves exploiting vulnerabilities in an organization's network. SQL injection attacks on unpatched servers, weak passwords on unprotected workstations, or running unnecessary or insecure services on systems all provide hackers with the means of getting to the data they want.
The use of malware is another characteristic of these cybercrimes allowing the hacker to get access to data. This often falls into the camp of inappropriate but not malicious use of a system. When users visit websites or click on phishing links on their computers they expose their systems to the installation of malware that is then used as a back door into the network.
Social media is a rapidly growing threat vector as Facebook, MySpace, LinkedIn and Twitter provide the means for insiders to leak data out or for hackers to inject malware into a network.
Ultimately enterprise security teams must plan for each of these types and methods of cybercrime. Security must establish policies to protect the sensitive data in a network from both external and internal threats.