97 Percent of Attacks Were Avoidable
A security report released by Verizon that studied 855 breach incidents from last year concluded that 97 percent of them could have been avoided by "simple and intermediate controls."
The report also found that 58 percent of these breaches were done by online "hacktivists" -- those who attacked in social protest, retaliation, activism or simply to pull a prank on unsuspecting users. Verizon's report indicated that it's harder to prepare for the next attack in cases where the hacks weren't done for monetary gain.
Much of the 97 breaches -- especially those that came from hactivists -- could have just been avoided if users kept in mind that if you are online, you are always susceptible to attacks, said Rapid 7's security researcher Marcus Carey.
As for the types of attacks used, Verizon found that incidents that utilized a hacking tool or skill constituted 81 percent of attacks, with 69 percent of those attacks employing the help of malware to pull off the breach.
Verizon said the types of attacks used has changed little over the past few years because hackers continue to get the same results with known attack vectors.
While Verizon found that the majority of incidents studied were caused by hacktivists, it noted that the more traditional attacks from criminal organizations were focused on smaller corporate targets in 2011. The report found that attacks on businesses in the accommodation and food service industries made up 54 percent of the 855 breaches studied. It found that 85 percent of those businesses employed less than 1,000 personnel.
Attacks against small corporations consist mostly of using malware and finding vulnerabilities in Web sites. By contrast, when larger companies are attacked, the hacks tend to be done using phishing and social engineering.