After lurking in the shadows for the first 10 months of 2013, cybercriminals have unleashed the most damaging series of cyber-attacks in history.
Symantec’s Internet Security Threat Report (ISTR), Volume 19, shows a significant shift in cybercriminal behaviour, revealing the bad guys are plotting for months before pulling off huge heists – instead of executing quick hits with smaller rewards.
“One mega breach can be worth 50 smaller attacks,” says Nick Christodoulou, country manager: South Africa at Symantec. “While the level of sophistication continues to grow among attackers, what was surprising last year was their willingness to be a lot more patient – waiting to strike until the reward is bigger and better.”
In 2013, there was a 62% increase in the number of data breaches from the previous year, resulting in more than 552-million identities exposed – proving cybercrime remains a real and damaging threat to consumers and businesses alike.
“Security incidents, managed well, can actually enhance customer perceptions of a company; managed poorly, they can be devastating,” wrote Ed Ferrara, VP and principal analyst, Forrester Research. “If customers lose trust in a company because of the way the business handles personal data and privacy, they will easily take their business elsewhere.”
South Africa’s 2013 Internet security threat profile improved slightly from a world rank of 45 in 2012 to 46 in 2013. This shift indicates a lower number of security threats across all categories with the exception of malicious code, which saw a rank change from 28 in 2012 to 25 in 2013. South Africa as a threat source for spam and phishing hosts decreased from 2012 to 2013, with respective world rankings from 48 to 55 and 34 to 41.
Larger organisations with more than 2 500 employees in South Africa experienced the majority of spear phishing and targeted attacks in 2013 at a high of 75%, while 25% targeted smaller sized companies with one to 250 employees.
Top spear phishing and targeted attacks were recorded in the transportation, communications, electric, gas and sanitary services industry with more than 28%, while the finance, insurance and real estate industry was targeted at almost 12%.
The size and scope of breaches is exploding, putting the trust and reputation of businesses at risk, and increasingly compromising consumers’ personal information – from credit card numbers and medical records to passwords and bank account details. Each of the eight top data breaches in 2013 resulted in the loss of tens of millions of data records. By comparison, 2012 only had a single data breach reach that threshold.
“Nothing breeds success like success – especially if you’re a cybercriminal,” says Christodoulou. “The potential for huge paydays means large-scale attacks are here to stay. Companies of all sizes need to re-examine, re-think and
possibly re-architect their security posture.”
Targeted attacks were up 91% and lasted an average of three times longer compared to 2012. Personal assistants and those working in public relations were the two most targeted professions – cybercriminals use them as a stepping stone toward higher-profile targets like celebrities or business executives.
While the increasing flow of data from smart devices, apps and other online services is tantalising to cybercriminals, there are steps businesses and consumers can take to better protect themselves – whether it be from a mega data breach, targeted attack or common spam.
Symantec recommends that business know their data, educate employees and implement a strong security posture.
Consumers are advised to be security savvy, be vigilant and know who they work with.
