State-sponsored data breaches became the second most common variety of data breach in 2012, following only organized crime, according to a study released Monday by Verizon.
The Data Breach Investigations Report found 19 percent of the 691 global data breaches were conducted by state-sponsored agents.
In addition, the study highlighted how cyber-spying has opened up a whole new area of vulnerability, with spies collecting data on operational utilities such as water treatment plants and manufacturing factories.
“The question is, what are they doing with this information?” said Bryan Sartin, director of Verizon’s Research, Investigations, Solutions, Knowledge Team.
Verizon’s study was wary of declaring that global espionage is definitely on the rise. The paper attributed espionage’s new rank to better data collection and a decrease in financial breaches.
“This is the first year that the Department of Homeland Security has reported data,” Sartin said.
Despite the uncertainty, a clearer picture of cyber-spying has emerged from the report. According to Verizon, espionage was concentrated in the transportation, professional and manufacturing industries. The three industries accounted for 75 percent of the breaches by state spies.
Even more alarming, the RISK Team found that once a spy gained entrance to the organization, detection took an average of seven months. In most of those cases, a third party, such as the government or the RISK Team, notified the organization.
The RISK Team has been collecting information on data breaches for 10 years. The 2013 report is the sixth annual one of its kind.
“For the past 10 years, financial data breaches have dominated,” Sartin said. “It’s only the past two years that we have seen more state-spying and hacktivism.”
The RISK Team has outlined two major ways federal agencies and companies can protect their data from state spies. First, Sartin encourages organizations to find their data.
“So many places have data they didn’t know they had or know they have it, but don’t know where it is,” he said. This includes tying up loose ends like making sure secure data is not in an email attachment.
The second way to protect data is simple incident detection. According to Sartin, many companies are still using security from the 1990s.