4/22/2014
10:20 AM

Cyber Espionage Incidents Triple: Verizon Report

As cyber espionage grows quickly, government agencies become the No. 1 target, finds 2014 Data Breach Investigations Report.

Government agencies are the most frequent target for cyber espionage, a type of attack that, though small in absolute numbers, is growing quickly, according to the latest Data Breach Investigations Report from Verizon.

Public sector organizations accounted for 75% of the more than 63,400 security incidents reported worldwide, according to Verizon security researchers' findings in the 2014 Data Breach Investigations Report.

The high number of government incidents is skewed by US reporting requirements, which produce a "vast amount of minor incidents" that are not a sign of higher targeting or weak defenses, according to the report's authors. But they provide important clues about the evolving nature of security incidents.

One development masked by the overall numbers is a threefold increase in cyber espionage incidents in this year's report compared with last year's. The figures reflect a larger data set of reported espionage incidents, not necessarily a direct increase in attempts. But because such incidents are hard to discern, and can take months to uncover, the larger reported number of incidents still represents a concern.


"We're seeing a steady uptick in cyber espionage," says Bryan Sartin, director of the Research, Investigations, Solutions, Knowledge (RISK) team at Verizon Enterprise Solutions.

Espionage is considered "not significant" as a source of government security incidents because it accounted for less than 1% of the total. Because of the large number of other security incidents reported by government -- including insider misuse (24%), crimeware (21%), and theft or loss (19%) -- espionage does not appear on the statistical radar screen.

"This is relative," Sartin said, because in absolute terms the number of espionage incidents still is small compared with other types of incidents.

But public agencies were targeted more often than any business sector included in the report, and the United States was the No. 1 government target, accounting for 54% of government espionage.

The potential for damage from these incidents is real. In 62% of espionage cases the breach went months before being detected, and in 5% it went on for years. In 85% of cases the espionage was discovered by an outside third party rather than the victim.

Source: Verizon 2014 Data Breach Investigations Report

The Verizon report analyzed 63,437 security incidents from 2013 reported by 50 organizations in 95 countries. Government contributors to this year's report include US-CERT, the Secret Service, the Defense Security Service, the Homeland Security Department's National Cybersecurity and Integration Center, and the Commonwealth of Massachusetts, all in the United States, along with agencies from Argentina, Australia, Colombia, Denmark, the European Union, Ireland, Luxembourg, Malaysia, the Netherlands, Spain, and Ukraine.

Governments participate in the study because it anonymizes the incidents and provides high-quality data, says Sartin. "At the end of the day, it's not a survey, it's investigations of data breaches."

The surge in cyber espionage was surprising. "We knew it was pervasive, but it's a little disconcerting when it triples last year's already much-increased number," the report authors wrote.

Much of the increase reflects the growing number of participants in this year's report, they said. But espionage still could be underreported because there are few requirements for publicly reporting it, and the characteristics of attacks vary greatly, making them difficult to identify.

Identifying the source of the espionage also is "really, really hard," the authors said. Still, they think at least 87% of reported espionage is being done by nation states, and about half of it seems to be from


William Jackson is a technology writer based in Washington, D.C. He has been a journalist for more than 35 years, most recently covering the $80 billion federal government IT sector for Government Computer News. His coverage has ranged from architecture to international ...

Comments
asksqn,
User Rank: Ninja
4/29/2014 | 4:34:55 PM
Whatever happened to accountability?
That a law must be passed to compel federal agencies to be transparent in order to track breaches is astonishing to me.  
WKash,
User Rank: Author
4/22/2014 | 3:59:50 PM
Re: Caution with the numbers
pfretty, thanks for making the added point: Sometimes, it's easy to focus too much on the numbers and miss the larger message. Your point that leading infrastructure sectors have been targeted more than retail and consumer sectors is an important part of that message, and one worth heeding. Of note: see our story this week on the Cybersecurity Framework for Critical Infrastructure: Protecting Critical Infrastructure: A New Approach and Sensitive Data: What Constitutes 'Reasonable Protection'?

 
pfretty,
User Rank: Ninja
4/22/2014 | 3:44:46 PM
Re: Caution with the numbers
The actual numbers themselves are not as important as the overarching message -- in a data-based society, we need to pay more attention to access points. According to the 2013 HP Ponemon Cost of Cyber Crime report (http://www.hpenterprisesecurity.com/ponemon-study-2013), all industries fall victim to cybercrime, but to different degrees. The report breaks out the average annualized cost of cyber crime by industry segment, and organizations in defense, financial services, and energy and utilities experience substantially higher cyber crime costs than organizations in retail, media and consumer products. Simply put, hackers are under far more targeted campaigns while utilizing higher levels of sophistication.

Peter Fretty, j.mp/pfrettyhp
WKash,
User Rank: Author
4/22/2014 | 1:16:29 PM
What's new about the espionage incidents
One of the other interesting points raised by the Verizon team in their findings on espionage is the fact that while spear phishing, via mostly email, remains the most often used method by hackers to break into a system, there has been a notable rise in strategic web compromises as a method of gaining initial access.
WKash,
User Rank: Author
4/22/2014 | 1:07:51 PM
Caution with the numbers
I think the narrative in the Verizon report says it well:

"Before someone concludes we're asserting a vast increase in
espionage in 2013, we're quite sure countless organizations
have been consistently targeted for several years. Instead,
we attribute this increase primarily to our ever-expanding set
of contributors conducting research in this area, along with
more community information sharing that improves discovery
capabilities. Like a streetlight illuminating cars parked along
the street, more contributors allow us to see more cars.
Unfortunately, we can also see that those cars have broken
windows and stolen stereos."