Era of the "mega breach"

Last year heralded the onset of the era of the "mega breach" - attacks by cybercriminals yielding tens of millions of records - according to Symantec's latest Internet Security Threat Report.

The report states that each of the eight largest data breaches in 2013 resulted in the loss of tens of millions of records, whereas in 2012 only one attack met that threshold.

During the year the number of data breaches also increased 62%, and a total of 552 million records were exposed.

But according to Symantec Security Response Director Kevin Haley, the number of mega breaches suggests that attackers are demonstrating a "willingness to be a lot more patient - waiting to strike until the reward is bigger and better".

Cybercriminals are plotting for months before pulling off huge heists, he said, noting that one mega breach can be worth 50 smaller attacks.

The report in fact shows that the threat landscape was relatively quiet for the first 10 months of the year, but cybercriminals unleashed the most damaging series of attacks in history during the last two.

"The potential for huge paydays means large-scale attacks are here to stay," Haley said. "Companies of all sizes need to re-examine, re-think and possibly re-architect their security posture."

Targeted attacks also increased by 91% last year and lasted an average of three times longer than those of 2012.

In Australia, 1 in 492.3 companies fell victim to a malware attack during the year, whereas phishing had an attack rate of 1 in 734.2. Nearly two thirds of companies faced a spam attack.

Image courtesy of Martin McKeay under CC