Recently, Verizon published its sixty page 2014 Data Breach Investigations Report, detailing the security incidents of 2013. Over the next couple of weeks, we’ll summarize a few key points from various sections of the report. According to the report, more than 60,000 security incidents took place, with many impacting the Fortune 1000. No enterprise is immune, regardless of what security products are in place, or how robust the Defense-in-Depth strategy happens to be. Stopping 100% of all security attacks isn’t feasible. Microsoft, Facebook, Apple, Twitter, Adobe, Vodafone, Lexis-Nexis, and many other large enterprises were breached in 2013. And if they got breached, the mid-market, SMB and government agencies are going to be in for a big surprise in 2014, since their security spend isn’t at the same level of the Fortune 1000.
Maybe some sort of measurement is needed in specific industries, where an acceptable level of theft is built into the overall financial picture of the organization. Just as clothing retailers like Nordstroms have product shrinkage built into their prices, and company profitability, enterprises might need to develop a plan that builds in cyber theft into the financial picture. However, data theft is a whole different story compared to physical theft of retailers. if this doesn’t make sense, I clarify in another post. Here is a snapshot for 2013.
Summary of Security Incidents for 2013
- January – Red October Cyber-Espionage Campaign targeting government and research institutions, especially in Russian speaking countries took place via a “watering hole” attack
- February – Facebook, Twitter, Apple and Microsoft experienced data breaches
- March – Evernote forced 50M users to change their passwords. Republic of Korea suffered a large cyber attack. CloudFlare and Spamhaus experienced one of the largest DDoS attacks that year
- April – Associated Press Twitter account hacked, and tweet was sent out about explosion to the White House, which caused some panic on Wall Street
- May – Watering hole attack hit nuclear weapons researchers in the US in a Cyber Espionage attack
- June – NetTraveller, a global espionage campaign targeted diplomats in countries whose interest were not aligned with China
- July – Harbor Freight Tools retailer with 445 stores breached, impacting 200M customers. Viber, Tango and Daily Dot breached
- August – CNN Twitter accounts breached. Time Magazine, NY Times and NY Post targeted in cyber espionage campaign
- September – Vodafone breached, 2M customers impacted, personal and financial data compromised. Data brokers Lexus-Nexis, Kroll, and Dun & Bradstreet breached
- October – Adobe was breached and 38M accounts were compromised. Nordstrom compromised. Silk Road shut down
- November – BIPS, large European bitcoin payment processor was a victim of largest bitcoin heist of the year
- December – Washington Post breached a second time