A new report on data breaches and cyber crimes highlights a disturbing rate of intellectual property theft, much of which happens from within organizations, making it increasingly difficult to protect against across a range of industries.

The “Verizon 2012 Data Breach Investigations Report,” due to be released by Verizon on Wednesday, pulls together analysis from the U.S. Secret Service, the Dutch National High Tech Crime Unit, the Australian Federal Police, the Irish Reporting & Information Security Service and the Police Central e-Crime Unit of the London Metropolitan Police.

In the latest in a series of similar reports, Verizon’s RISK (Research Investigations Solutions Knowledge) team examined 855 data breach incidents involving 174 million compromised records this past year – the second-highest data loss that Verizon’s analysts have seen since they began collecting data in 2004.

Overall, the report found that mainline cybercriminals continued to automate and streamline their “method du jour” of high-volume, low-risk attacks against weaker targets. Incidents involving hacking and malware were both up considerably last year, with 81% of breaches utilizing some form of hacking.

Much less frequent, but arguably more damaging, the report said, were attacks targeting trade secrets, classified information, including government information, and other intellectual property.

Jay Jacobs, a Verizon RISK team managing principal said the snapshot was “unlike anything else we’ve looked at.”

The internal misuses or abuses of data were primarily at the hands of end users of data within their organizations – “people with a lot of access to information” – who often were duped into releasing information to individuals pretending to be someone they’re not.

Social pretexting tactics were tied to 7% of all breaches incidents analyzed in the report – and 22% of breaches at larger organizations – but accounted for 37% of the records compromised. About 5% of breaches were connected to the misuse of network privileges.

“As we look at threat actions, we see malware and hacking dominating the charts, but…we’re seeing a lot of misuse,” said Jacobs, particular in cases involving IP theft, suggesting large enterprises reflect a different complexion of threat actions compared to smaller organizations.

Overall, finding and identifying the work of intellectual property theft is highly difficult and specialized, the report noted. Many of these breaches go undetected until long after the damage has been done, and it often takes quite a while to successfully contain the breach.

“…when it comes to IP [intellectual property] theft, the targeted nature of the attack considerably changes how they are conceived and carried out,” the report said, noting the need for different approaches to protection and mitigation.

“The fact that it is usually a different kind of threat agent, those looking for highly sensitive information to be used for a specific purpose, as opposed to those only looking for a quick cash-out also changes the game,” the report said.

IP attacks often include collusion between insiders and outsiders. Regular employees accounted for the largest percentage (two-thirds) of insiders. Outsiders often acted directly and maliciously, but also regularly solicited and aided insiders.

Attackers generally mix and match their methods until they find a successful combination. Many of these combinations are multiphased and multifaceted.

Jacobs said that financially motivated hackers usually take a smash and grab approach, scanning for vulnerabilities, using keylogger and other spyware to tap valuable data.

“Intellectual property isn’t usually something on the perimeter,” he said. “It’s moved to the core of the network, so it takes more effort and time. Consequently, hackers are more likely to use social tools to find their way into networks in order to steal intellectual property.

“Understanding what happens when a data breach occurs is critical to proactive prevention,” said Wade Baker, Verizon managing principal, RISK team.

The report also looked at trends across key industries, and found:

Financial and Insurance
Overall breaches in this sector were primarily about the money, whether targeting it directly (by accessing internal accounts and applications) or indirectly (through downstream fraud). Many of the attacks are targeted against ATMs, Web applications and employees.

Health Care
Most of the breaches within the health care sector fell into the small to medium business category (one to 100 employees), and outpatient care facilities such as medical and dental offices comprised the bulk of these. Attacks were almost entirely the work of financially motivated organized criminal groups, which typically attack smaller, low-risk targets to obtain personal and payment data for various fraud schemes. Most attacks involved hacking and malware and often focused on point of sale (POS) systems. However, health care industry also needs to protect medical devices and electronic health records.

The retail industry continues to be plagued with a multitude of data breaches, much of it committed by financially motivated criminal groups that gain access through POS systems that are used to conduct daily business activities. The criminals exploit weak, guessable or default credentials via third-party remote access services.

The most vulnerable are franchises and other small and medium-size businesses, which often lack in-house resources and expertise to manage their own security. Consequently, these businesses rely on third-party vendors, which often fail to provide adequate protection; or the businesses use an out-of-the-box solution, without adequately investigating whether the solution will meet their security needs.

In many cases, employees are involved in the breaches, either wittingly or unwittingly. It is not uncommon for an employee to click on a malicious email attachment or visit a questionable site on a company desktop, infecting the system with malware and enabling an attacker to gain access to other devices within the network.

Accommodations and Food Services
This industry has been particularly vulnerable to data breaches, and for the past two years had had more breaches than any other industry. POS systems, which are needed to process payment transactions, have proven to be easy targets for organized criminal groups.