State-backed cyber attacks on the increase, says Verizon report

State-sponsored cyber espionage increased three-fold in 2012

State-backed industrial espionage increased three-fold during 2012, making it the second biggest cyber threat to organisations.

That's according to the 2013 Data Breach Investigation Report from enterprise solutions provider Verizon, published to coincide with the beginning of the InfoSec security conference in London. While state-sponsored cyber crime is on the increase, the most common reason behind security breaches is still hackers breaking into corporate networks for financial gain.

As a result, the Verizon report found 37 per cent of breaches affected financial organisations, 24 per cent affected retail and restaurants, while 20 per cent of network intrusions affected critical infrastructure such as transport, utilities and manufacturing. The report contains information about 621 confirmed data breaches in addition to 47,000 security incidents.

Verizon attributes the vast majority of state-sponsored cyber attacks - 96 per cent of them - to China, with hackers attacking small to medium-sized organisations employing under 1,000 people as often as they are targeting large corporations. Smaller firms tend to be hit hard in this way because they don't tend to have the proper security in place to protect against hackers.

Attack methods include exploiting weak username and password protection, malware and social phishing. The report also suggests that attacks often remain undiscovered for months or even years after initial compromise, with 69 per cent of data breaches discovered by third parties rather than the affected organisations themselves.

Verizon also found that the proportion of security breaches attributed to hacktivism remained steady, but the amount of data stolen in such incidents had decreased, as hacktivists shift to other methods such as distributed denial of service (DDoS) attacks. However, these attacks still impair businesses and operations, as paralysing or disrupting systems leads to financial loss.

"The bottom line is that unfortunately, no organisation is immune to a data breach in this day and age," said Wade Baker, principal author of the Data Breach Investigations Report series.

"We have the tools today to combat cybercrime, but it's really all about selecting the right ones and using them in the right way.

"All in all, the large scale and diverse nature of data breaches and other network attacks took centre stage for all to see in 2012," he added.

The reported increased threat of state-sponsored cyber attacks is backed up by News International CISO Amar Singh, who recently told Computing that every state is engaging in cyber attacks.

"Whichever way you look at it, there is hardly any nation of any size not either directly or indirectly sponsoring some kind of cyber warfare," he said.