As the number of data breach incidents grew, the number of identities exposed also increased. This was the gist of Symantec Corp.’s Internet Security Threat Report (ISTR), Volume 19, which also reported that cybercriminals are now shifting behavior, employing more sophisticated attacks such as ransomware and spear-phishing, which yield them more big rewards per attack.
“There has been a decline in Philippines’ cyber security threat profile, ranked 32nd globally last year. A key observation is while the level of sophistication continues to grow among attackers, what was surprising was their willingness to be a lot more patient – waiting to strike until the reward is bigger and better,” said Luichi Robles, senior country manager of Symantec Philippines.
Proving cybercrimes still rampant and damaging to businesses and customers, the number of data breach incidents increased by 62% to 253 in 2013 from 156 the previous year, resulting to the exposure of more than 552 million identities as against 93 million identities exposed in 2012
The report also reveals that the Philippines’ ranking in the worldwide threat activity (malicious code, spam, phishing, bot-infected computers, network and Web attacks) profile among the more than 150 countries and territories went down to 32nd, from 36th in 2012.
“There has been a decline in Philippines’ cyber security threat profile, ranked 32nd globally last year. A key observation is while the level of sophistication continues to grow among attackers, what was surprising was their willingness to be a lot more patient – waiting to strike until the reward is bigger and better,” said Luichi Robles, senior country manager of Symantec Philippines.
Robles also said that 2013 was the year of the mega breach as a lot of data breaches happened towards the end of 2013, with eight of the data breaches exposing more than 10 million identities. The average number of identities exposed last year was four times greater than in 2012.
Of the total data breaches, the bulk or 34% was caused by hacking. With 87 data breach incidents, the average number of identities exposed per data breach for hacking incidents was approximately 4.7 million. The second biggest source of data breaches, at 29% and with 72 incidents, was due to accidental exposure. Theft or loss of a device, with 69 incidents, ranked third, and accounted for 27% of data breach incidents. Other causes of data breaches include insider theft which accounted for six percent; unknown cause, two percent; and fraud, two percent.
By sector, breaches were high in healthcare, education and the government which accounted for 58% of all data breaches in 2013. On the other hand, it was the retail, computer software and financial sectors which accounted for 77% of all identities exposed last year.
As the size and scope of breaches is exploding, the trust and reputation of businesses are put at risk, and even personal information of consumers is increasingly compromised. Data targeted during a breach does not only involved financial information, it also targets information such as names, birth dates, government ID numbers, addresses, medical records, phone numbers, email addresses, user names and passwords and insurance.
Meanwhile, organizations with 500 or less employees are the main targeted attacks of spear-phishing by cybercriminals, particularly those companies with less than 250 personnel which accounted for 94% of the total small and business enterprises included in the report.
Ramsonware threats, where attackers pretend to be law enforcement demanding a fake fine of between $100 to $500, grew by 500% in 2013. The company said that ransonware evolved last year with the appearance of Ransomcrypt, commonly known as Cryptolocker, which encrypts a victim’s network drives where critical business information may be stored.
“The potential of huge paydays means large-scale attacks are here to stay. Do not expect cybercriminals to slow down but rather, they will be more innovative and efficient in their attacks, targeting small and medium businesses (SMBs) with less than 500 employees, in particular the wholesale and manufacturing sectors in the Philippines,” said Christina Tee, technical consultant at Symantec Philippines.
Companies of all sizes need to re-examine, re-think and possibly re-architect their security posture, Tee ended.
