When you think of hackers, your mind might jump to something like a Boris Grishenko (aka “that dude from Goldeneye”) typing away on a keyboard with one hand and virtuosic skill. A criminal mastermind. Verizon’s annual Data Breach Investigations Report (DBIR) paints a bit of a different picture, for last year at least; most of these guys don’t even have to know what they’re doing.
Every year, Verizon breaks down data about the previous year’s hacks and sifts through it to dig up all kinds of interesting tidbits. In sheer numbers, 2012 saw over 47,000 reported security incidents, 621 confirmed data disclosures, and at least 44 million compromised personal records. 44 million might sound like a lot — and it is — but it’s actually way down from 2011’s lulz-fuelled 174 million.
But the data also reveals a bit about the attackers as well, and according to Verizon, few are aiming for anything other than easy-pickin’s and even fewer are actually skilled. 75 per cent of the year’s attacks were characterised as “opportunistic”, meaning the hackers were pulling off the digital equivalent of breaking into unlocked cars and ignoring any targets that put up even the slightest resistance.
And there were enough easy targets out there that the lion’s share of hackers barely needed any skills at all. 78 per cent of hacks were of “low” difficulty or lower. From Verizon’s DBIR Executive Summary [PDF]:
That should come as good news and bad news. On the one hand, it’s kind of scary to know hacking is easy and prevalent and that there’s plenty of low-hanging fruit for them to snatch. On the other, it’s good to know that it’s not like we’re up against a legion of evil geniuses or anything. Verizon’s DBIR is aimed squarely at enterprises, to help them prepare for the threats of next year, and let’s hope at least one message gets through: lock up. [Verizon Enterprise]