Payment card systems were the main targets for hackers at the end of last year, according to Verizon, after attackers moved away from geopolitical activity.
The telecoms firm’s analysis covered more than 63,000 security incidents from 50 corporations in 95 different countries over the past decade.
Jay Jacobs, principal at the Verizon RISK team, said: "We did some clustering techniques looking for patterns in the data. Looking at the clusters we discovered nine basic attack patterns."
The nine attacks patterns covering almost all breaches included point-of-sale intrusions, web app attacks, insider misuse, physical theft or loss, crimeware, card skimmers, denial of service attacks, cyber espionage and miscellaneous errors.
Last year saw a number of high profile retail breaches, with the details of two million Vodafone customers compromised in September, and 38 million Adobe accounts attacked the following month.
Asked to identify particular areas of difficulty for IT managers, Jacobs said: "I’d say that web applications are a challenge, and that denial of service is another challenge they are experiencing."
He described an atmosphere of intense innovation amongst attackers, with their methods of intrusion often outstripping the remedies of their victims.
Espionage has of late become a lot more varied. "We don’t have a single pattern which we can describe," Jacobs added. "It’s a lot more complex."
Asked by CBR what advice he would give to IT managers, he said: "The main general advice is that there is no one size fits all solution, there’s no magic bullet."
He added that two-thirds of system based attacks target credentials at some point, making ID management a critical component of any company’s security.
"If everybody did the same thing we’d have some people woefully under-spending," he says, adding others would also be wasting money on things they did not need.
"I think [the advice has] been oversimplified in the past, but I think those days are going to be moving behind us."
