There were 1,367 confirmed data breaches and 63,437 security incidents in 2013 and retailers were a prime and notable target, states a new report. The research says 2013 was the year hackers shifted from geopolitical attacks to card payment systems.
The 2014 edition of Verizon's Data Breach Investigations Report released on Tuesday analyzed data break-ins reported by 50 organizations in 95 countries, including computer emergency response teams and law enforcement agencies.
The report identifies nine patterns that describe 92 percent of the breaches. The report is available for downloading here.
"We have more incidents, more sources, and more variation than ever before," state the report's authors. " We find it simply astounding that nine out of ten of all breaches observed by 50 global organizations over a full year can be described by nine distinct patterns."
The analysis effort pinpoints threats per industry. Companies in the accommodations and hotel sector don't necessarily have to worry much about credit card skimming but they should be worried about point-of-sale terminal hacking attempts.
"After analyzing 10 years of data, we realize most organizations cannot keep up with cybercrime - and the bad guys are winning," said Wade Baker, principal author of the Data Breach Investigations Report series, in a statement.
By highlighting the specific security issues for each industry those companies can take better actions to protect data and systems, states the report. Right now, claims the report, businesses are taking a one-size-fits-all approach to security where they should be taking a prioritized approach to threats specific to their industry sector and adjust security spend accordingly.
The report notes the financial industry suffers the most from data leak incidents with 465 breaches reported last year. Content management systems are a favorite focus for denial-of-service attacks. Web app attacks are a main threat for utilities, education, media and trade sectors.
The report also cautions that some data theft incidents may not be actual thefts but due to human error and misuse of data internally and some segments have mandatory security breach reporting requirements while others do not, notes the report.