The U.S. (and the World) is Losing the Fight Against Hackers
Late last week, Verizon released their annual Data Breach Investigations Report. With collaboration from the U.S. Secret Service, the Dutch High Tech Crime Unit, the Irish Reporting and Information Security Service, the Australian Federal Police, and the Police Central e-Crime Unit of the London Metropolitan Police, the 2012 report releases some staggering numbers: “hacktivists” (hacker activists, including the group Anonymous) were responsible for 58% percent of all thieved data in 2011. Verizon has been tracking hacktivist activity since 2004 and said that 2011’s breaches exceeded the total from all other years combined. This trend, according to Bryan Sartin, head of Verizon’s Data Breach Investigations Report team, indicates “probably the biggest and single most important change” in this report.
Not only are the number of attacks growing but cyber criminals went after devices like ATMs, laptops and smartphones in a much higher frequency than they did in previous years, accounting for 60% of all attacks in 2011. Other prime targets of hacktivists this past year have been News Corp., Sony, PBS, the Federal Bureau of Investigation, Central Intelligence Agency, Department of Justice, and a number of security firms. In total, Verizon and its collaborators recorded a total of 855 data breaches, encompassing a whopping 174 million compromised records. The number of data breaches in 2010 (as accounted for in Verizon’s 2011 Data Breach Investigations Report) was just around 4 million, demonstrating the staggering increase from 2010 to 2011.
If that doesn’t already sound grim enough, executive assistant director of the FBI, Shawn Henry, said of the nation’s efforts to keep hackers away from corporate data networks: “We are not winning.” Henry further goes on to state that the current private and public approach against hackers is, quite simply, “unsustainable.” Increasingly in recent years the FBI, with the help of Henry, has come across data stolen from companies where the executives had no idea that their information had ever been accessed. To sum up, Henry succinctly stated, “I don’t see how we ever come out of this without changes in technology or changes in behavior, because with the status quo, it’s an unsustainable model. Unsustainable in that you never get ahead, never become secure, never have a reasonable expectation of privacy or security.”