
Data breach methods getting more sophisticated

Malware, phishing scams and other old-fashioned hacking techniques took the lead as the primary causes of more than 2,000 confirmed data breaches last year that were examined in a new report by communications company Verizon.

Compiled with the help of 70 national and international cybersecurity organizations, the report used data breach insurance claims as well as data from a dozen contributing companies to examine 79,790 security incidents and 2,122 confirmed data breaches in more than 61 countries.

The good news: Smartphones were relatively safe. Only 0.03 percent per week, out of tens of millions of Android phones within the Verizon Wireless network, contained what was called “truly malicious” malware. Those using iPhones had even less reason to worry since most of the suspicious activity found on the iOS platform was “failed Android exploits,” according to the study.

The bad news: The research pinpointed approximately 170 million malware events — an average of 5 events per second — last year. Companies with confirmed breaches lost around $400 million, an average of 58 cents per stolen record.

Companies are taking longer than experts would like to discover breaches, according to Bob Rudis, lead author of the report and Verizon managing principal.

“The attackers are still moving really fast and getting faster and better, and while the defenders are getting better, they’re still not getting better faster than the attackers are,” Mr. Rudis said during a conference call Tuesday.

Most of the cracks that let hackers into systems could be traced directly to human error.

Ninety-six percent of all security breach incidents fell into 9 patterns that were narrowed down further to categories of miscellaneous errors, crimeware, insider misuse and lost/stolen devices. Common vulnerabilities and exploits — vulnerabilities within software and other systems — followed a similar pattern: 99 percent were compromised long after the existence of that vulnerability was identified, with 71 percent being exposed at least a year later.

The latest malware — malicious software downloaded to computers — and phishing attacks — email traps used to break into systems — often appear as the same robbers from a decade ago wearing different masks, according to Amy Baker, vice president of marketing for Oakland security training firm Wombat Security. Wombat was one of the 70 firms tapped to help Verizon compile the report.

“It’s not exactly the same playing field as it might have been 10 years ago when it comes to phishing attacks. They’ve certainly become a lot more sophisticated …,” she said.

Where attacks of yesteryear might have involved a foreign prince and promises of riches through shady exchanges of currency, Mrs. Baker said today’s phishers scan social media for birthdays, job titles and anything else that can be used to create the appearance an email request is coming from a legitimate source.

Regardless of increasing sophistication, companies aren’t taking the possibility of threats as seriously as they could, said Erik Knight, CEO of Phoenix firewall company SimpleWan. He thinks that could change once individuals are held accountable for errors that lead to attacks.

“Traditionally, when you ask why you haven’t seen a whole lot of change in the past decade [it’s] because the liability — what’s basically a slap on the wrist for that company — hasn’t been that big. But with [payment card industry] changes, a lot of medical record changes, the government’s starting to step in,” he said.

“You’ve got Congress reviewing bills, and it’s going to become more and more costly for these businesses to have a breach. When these go down, I have no doubt there will be related firings to go with it.”

First Published: April 15, 2015, 4:00 a.m.
