Thursday, April 25, 2013

WSJ: After China, Romania is Biggest Source of Data Theft Says Report

By Anna Leach

After China, the world’s biggest source of global data theft comes from inside the European Union, said a report published Tuesday.

Verizon Communications Inc.’s Data Breach Report 2013 found that more than a quarter of the world’s data thieves operated in Romania.

Some 28% of the hackers behind 47,000 data breaches investigated by Verizon were working from Romania. That was second only to China with 30%. By contrast only 18% of data thieves were acting out of the U.S. said the company.

In a wide-ranging report, Verizon found that the majority of data thieves are not high-tech espionage agents, but rather petty criminals hacking for money and using rudimentary skills.

Three quarters of all data thefts analyzed were financially-motivated and less than 1% used techniques that Verizon classed as high-tech.

The focus on cash not politics meant that private businesses, not government, were the main target, with under 5% of attacks analysed targeting the public sector. Data thieves took all sorts of corporate information, said Verizon’s global investigation manager Dave Ostertag.

“Thieves steal corporate information for a variety of purposes,” he said. “If you steal quarterly earnings statements prior to announcement, that has value to someone. If you have a process that your competitors don’t have — that process makes you more efficient or you have a larger market share because of that process, that has value.”

The theft of intellectual property has become an increasing problem, especially for small business in the technology and science sectors: “Smaller companies used to say ‘we don’t have to worry about a data breach’, that’s not true any more,” said Mr. Ostertag.

“When we look at espionage, it’s not just defense contractors and the government, it’s boutique engineering firms that might specialize in say aerospace, or might specialize in undersea [engineering], with maybe a hundred employees or less. These type of companies are victims too.

“It might be a small firm that’s got a piece of information that might be valuable to a competitor or to a state.”

Even when hacking is state-affiliated — and 19% is according to the report — it may be targeting a private business for commercial purposes rather than state bodies.

Verzion’s Data Breach Report 2013 is based on 47,000 incidents investigated by their security arm Verizon Risk for their clients in 2012. Some 621 breaches were analyzed in more detail. The report also draws in data from Verizon’s 19 partners on the report including the Danish Intelligence Service, Carnegie Mellon University, Deloitte and the U.S. Department of Homeland Security.

No comments: