New Era of ‘Mega Breaches’ Signals Bigger Payouts and Shifting Behaviour for Cybercriminals

Malaysia Ranked 33rd Among Countries Globally on Internet Security Threat Activities

KUALA LUMPUR, Malaysia – 21 April 2014 – After lurking in the shadows for the first ten months of 2013, cybercriminals unleashed the most damaging series of cyberattacks in history. Symantec Corp.’s (Nasdaq: SYMC) Internet Security Threat Report Volume 19 (ISTR 19), shows a significant shift in cybercriminal behaviour, revealing the bad guys are plotting for months before pulling off huge heists – instead of executing quick hits with smaller rewards.

In 2013, there was a 62 percent increase in the number of data breaches globally from the previous year, resulting in more than 552 million identities exposed – proving cybercrime remains a real and damaging threat to consumers and businesses alike. One mega breach can possibly be worth 50 smaller attacks.

“While the level of sophistication continues to grow among cyber attackers, what was surprising last year was the cyber attackers’ willingness to be a lot more patient – waiting to strike until the reward is bigger and better,” said Eric Hoh, Symantec’s Vice President for Asia South and Korea regions.“With cybercriminals constantly innovating and enhancing their modes of attacks, companies globally and in Malaysia cannot afford to let their guard down. The consequences of complacency can be far-reaching, causing commercial and reputation damage.”

Nigel Tan, Director of Systems Engineering at Symantec Malaysia said, “Malaysia’s Internet security profile declined last year and ranked 33rd among countries globally on Internet security threat activities. This is a clear indication that cybercriminals have not slowed down, in fact they are increasing the efficiency of their campaigns and have their eye on Small and Medium Businesses (SMBs) with less than 500 employees, in particular the healthcare and transport/utility sectors in Malaysia.”

Defense is Harder than Offense

The size and scope of data breaches globally is exploding, putting the trust and reputation of businesses at risk, and increasingly compromising consumers’ personal information – from credit card numbers and medical records to passwords and bank account details. Each of the eight top data breaches in 2013 resulted in the loss of tens of millions of data records. By comparison, 2012 only had a single data breach reach that threshold.

“For cybercriminals, the potential for huge paydays means large-scale cyber attacks are here to stay. Companies of all sizes need to re-examine, re-think and possibly re-architect their security posture,” said David Rajoo, Principal Consultant at Symantec Malaysia.

Targeted attacks were up 91 percent globally in 2013 and lasted an average of three times longer compared to 2012. Personal assistants and those working in public relations were the two most targeted professions – cybercriminals use them as a stepping stone toward higher-profile targets like celebrities or business executives.

“What is interesting is the targeted attacks became slow and low as cyber attackers increased the number of campaigns they ran, but decreased the emails used and the number of people they attacked in each campaign. It’s almost as if they brought in efficiency experts to improve their attack campaigns,” David explained.

How to Maintain Cyber Resiliency

While the increasing flow of data from smart devices, apps and other online services is tantalising to cybercriminals, there are steps businesses and consumers can take to better protect themselves – whether it be from a mega data breach, targeted attack or common spam. Symantec recommends the following best practices:

For Businesses:
Know your data: Protection must focus on the information – not the device or data centre. Understand where your sensitive data resides and where it is flowing to help identify the best policies and procedures to protect it.
Educate employees: Provide guidance on information protection, including company policies and procedures for protecting sensitive data on personal and corporate devices.
Implement a strong security posture: Strengthen your security infrastructure with data loss prevention, network security, endpoint security, encryption, strong authentication and defensive measures, including reputation-based technologies.

For Consumers:
Be security savvy: Passwords are the keys to your kingdom. Use password management software to create strong, unique passwords for each site you visit and keep your devices – including smartphones – updated with the latest security software.
Be vigilant: Review bank and credit card statements for irregularities, be cautious when handling unsolicited or unexpected emails and be wary of online offers that seem too good to be true – they usually are.
Know who you work with: Familiarise yourself with policies from retailers and online services that may request your banking or personal information. As a best practice, visit the company’s official website directly (as opposed to clicking on an emailed link) if you must share sensitive information.