This week saw two somewhat conflicting reports on our current state of insecurity. The news ain't good, but it's better than you might expect.
The report details 855 incidents from 2011 resulting in the loss of 174 million records. Some 98 percent of those data breaches resulted from external attacks, according to the report, with the vast majority of those employing some kind of hack attack. Only 4 percent of those losses were blamed on internal employees.
Of those 174 million lost records, some 100 million were stolen by self-proclaimed hacktivists, per the report. Check out this top-level summary, which sounds like something straight out of Hollywood:
The online world was rife with the clashing of ideals, taking the form of activism, protests, retaliation, and pranks. While these activities encompassed more than data breaches (e.g., DDoS attacks), the theft of corporate and personal information was certainly a core tactic. This re-imagined and re-invigorated specter of "hacktivism" rose to haunt organizations around the world. Many, troubled by the shadowy nature of its origins and proclivity to embarrass victims, found this trend more frightening than other threats, whether real or imagined. Doubly concerning for many organizations and executives was that target selection by these groups didn't follow the logical lines of who has money and/or valuable information. Enemies are even scarier when you can't predict their behavior.
Whatever you think about Verizon, those boys can write. I can't wait for the movie.
Meanwhile, the Ponemon Institute released its seventh annual report on the cost of data breaches in the United States this week. It was a bit drier in tone, and the conclusion was quite a bit different: negligent insiders, not hacktivists, were the biggest source of problems, accounting for nearly 40 percent of all data breaches.