2013 Data Breach Investigations Report: An Insider’s Look on What’s Behind the China Connection

Verizon’s RISK Team recently wrote an in-depth blog post on espionage attacks originating from China, outlining all that was considered before disclosing the China connection.

For starters, the RISK Team states clearly in the report that while the presence of China was undeniable, the findings may also suggest “other threat groups perform (espionage) activities with greater stealth and subterfuge.’” In addition, the breaches that were attributed to China this year represent less than 20 percent of all confirmed breaches analyzed by the RISK team-- meaning perspective is important in discussing the top findings of this year’s report.

The authors go on to say they put a lot of effort into not sounding alarmist in the report because there are a number of possible and contributing reasons why Verizon’s researchers saw breaches from China – only one of which is related to the actual amount of breaches from China.

Another factor cited by the RISK team is the heightened awareness of Chinese actors within the intel community which could lead to a higher rate of detection, or perhaps the addition of data contributors such as ES-ISAC and ICS-CERT brought more visibility to this year’s data set.

The main point the RISK Team makes is that organized intellectual property theft was one of several clear trends that they saw emerge in this year’s data breach data. The majority of this class of attacks in our data set originates from China and the chart shows that China, Romania and the U.S. are major sources of breaches in the data.