When it comes to cybersecurity, 2013 was not a good year. Major companies like Adobe, Microsoft and Target suffered a security breach last year, and it was revealed that the NSA was hacking into pretty much every Internet user in the entire world. These findings came from two recently released cybersecurity reports.
In Akamai Technologies’ “State of the Internet report” for Q4 2013, it revealed an increase in DDoS attacks. Reported attacks increased 23% from the third quarter to the fourth quarter. Overall there was a 50% increase for the year.
(Related: 2013 was supposed to be the year focus shifted to security)
According to the report, the majority of attacks targeted the enterprise and commercial infrastructure. Together they accounted for about 70% of reported attacks for the quarter, with almost 50% of total attacks being reported from the Americas.
The report also found that the likelihood of repeat hack attacks is roughly one in three.
Other key findings included DDoS attack traffic up by 75% from the fourth quarter of 2012, with the majority of traffic coming from China. (Akamai defines attack traffic as an attack that its agents have detected, as opposed to an ordinary attack, which is reported by companies.)
Meanwhile, Verizon’s “2014 Data Breach Investigations Report” tagged 2013 as the “year of the retailer breach.” There was not one month in 2013 where a breach didn’t occur.
In addition to retail, other areas that suffered from security incidents in 2013 included accommodation, finance, IT, and the public sector.
“Organizations need to realize no one is immune from a data breach,” said Wade Baker, principal author of the Data Breach Investigation Report series. “Compounding this issue is the fact that it is taking longer to identify compromises within an organization—often weeks or months—while penetrating an organization can take minutes or hours.”
The report also found that 92% of 100,000 security incidents analyzed over the past 10 years can be traced to nine basic attack patterns, such as sending an e-mail to the wrong person, crimeware (defined as malware that gains control of systems), insider/privilege misuse, physical theft/loss, Web app attacks, denial of service attacks, cyber-espionage, point-of-sale intrusions, and payment card skimmers.
Of those nine patterns, Web applications “remain the proverbial punching bag of the Internet,” as the report puts it. In 2013, the majority of attacks were Web application attacks, with cyber-espionage and point-of-sale intrusions following.
When it comes to Web attacks, Verizon recommended staying away from single-factor password authentication, providing automatic patches for content-management systems, fixing vulnerabilities as soon as possible, enforcing lockout policies, and monitoring outbound connections.