A cyber-attack can affect organizations at different levels. While organizations are actively trying to prevent these attacks, ironically the number of attacks seems to be constantly on the rise. More shockingly, the 2012 Data Breach Investigations Report released by Verizon indicates a dramatic increase in cyber-attacks linked to hacktivist groups. Groups like ‘Anonymous’ and ‘LulzSec’ are seen to attack organizations for reasons other than financial gain.
Chris Porter, a member of Verizon’s RISK team, which was actively involved in consolidating information for the 2012 Data Breach Investigations Report, says that more often than not, irrespective of the size of the organization, industry, or its location, the root causes for these breaches were traced to compromise of credentials or attacks on web applications.
This report reviews 855 data breaches across 175 million stolen records, and its findings clearly indicate the international nature of cybercrime. The breaches included in the report originated from 36 countries, which is a steep increase from 22 countries in 2010. Moreover, almost 70% of these breaches originated in Eastern Europe, and less than 25% originated in North America. According to Porter, this could be because of the legal framework that exists in Eastern Europe, in which cyber criminals are easily able to locate loopholes.
However, going beyond geographic parameters, researchers have noted that the size of the organization also has a major part to play. For instance, larger organizations may have to do much more to protect their systems, and should be able to identify new risks and vulnerabilities. But in most cases, organizations do not pay much attention to how they are being attacked. This is the reason why a number of attack vectors are still being used successfully by hacktivist groups.
Hacktivism: A Serious Threat
When it comes to hacktivist attacks, the primary difference is that they are not waged with the intention of financial gain. These hacktivist groups have been around for quite some time, but they did not get much attention. These groups are now more frequently attacking large organizations, breaking into their databases, and stealing data of any kind, including emails, password lists, etc., which they can publish. In 2011, more data was compromised by hacktivists than by organized crime.
How can organizations respond to this evolving threat?
Cyber threats are an ongoing challenge for every organization. But with security attacks turning out to be more sophisticated and organized, dealing with this challenge becomes even more difficult. However, to best safeguard data and ensure complete information security, organizations should resort to an end-to-end security and compliance management solution like SecureGRC. eGestalt’s SecureGRC is a completely automated and integrated solution, which has the capability to detect emerging threats and prevent security mishaps by closing gaps in the system as and when they arise.