A newly released study by global information protection expert Symantec Corp. delves into the problem of cyber security and suggests that we've only seen the tip of the iceberg.

The increase in mega breaches, aggressive ransomware, mobile technology threats and hackers' discovery of the Internet of Things in 2013 all point to the continuing rapid growth of cybercrime.

The Internet Security Threat Report (ISTR) is an annual study based on findings from Symantec's global intelligence network of 41.5 million attack sensors, monitoring threat activity in more than 157 countries and territories. Over the past two decades, Symantec, probably best known for its Norton consumer security product, has identified more than 60,000 recorded vulnerabilities from more than 19,000 vendors.

The report states that 2013 was a watershed year for cybersecurity, with a lot of attention focused on cyber-espionage, privacy threats and the acts of malicious insiders. But with last December's big Target breach and other security hacks, the message was clear: cybercriminals who are simply in it for the money are still out there, and growing. And social media carelessness, the growth of mobile devices, and the burgeoning universe of the Internet of Things (smart cars, refrigerators, medical devices and more) are giving cyber criminals an even bigger playground.

Following are the top trends Symantec identified in the report:

1. 2013 was the year of the mega breach. Total number of breaches was 62% greater than 2012, with 253 total breaches. Eight breaches each compromised more than 10 million identities. In comparison, in 2012, only one breach exposed more than 10 billion, and in 2011, only 5 were that size. More than 552 million identities were breached in 2013, putting credit card information, birth dates, government ID numbers, home addresses, medical records, phone numbers, financial information, email addresses, logins, passwords and other personal information into the criminal underground.


2. Targeted attacks grow and evolve. Far from being dead, phishing is on the rise: the number of spear-phishing campaigns increased 91% in 2013, with campaigns running longer. Industries most at risk were mining, governments and manufacturing, with odds of being attacked 1 in 2.7, 1 in 3.1 and 1 in 3.2, respectively.

3. Zero-day vulnerabilities and unpatched websites facilitated "watering-hole" attacks. Symantec uncovered 23 zero-day vulnerabilities (software holes unknown to the vendor) in 2013, a 61% increase over 2012. And even though the top five of these were patched on average within four days, Symantec detected more than 174,000 attacks within 30 days of the vulnerabilities being known. Legitimate websites with poor patch management practices are vulnerable to watering-hole attacks—so called because hackers target these websites to place malware and entrap victims. The Symantec report found that 77% of legitimate websites had exploitable vulnerabilities and 1 in 8 of all websites had a critical vulnerability.

4. The rise of ransomware. Ransomware scams—where the attacker pretends to be law enforcement and demands a fake fine of between $100 and $500—first appeared in 2012 and rapidly escalated, growing by 500% over 2013. Criminals have now dispensed with the law-enforcement pretense and simply demand money. The most prominent of these scams is Cryptolocker, which encrypts user files and demands a ransom for decryption. With the ubiquity of online payment methods, this method of extortion is expected to grow in 2014, and small businesses and consumers are at highest risk.

5. Mobile is the new market for social media scams and malware. The ongoing increase of mobile devices is opening up a new frontier for fraud. Symantec's Norton Report indicates that 38% of mobile users had experienced mobile cybercrime. And although lost or stolen devices are still the biggest risk, increased use of sensitive data on mobile devices is upping the ante: 52% of mobile users store sensitive files online, with 24% storing work and personal information in the same online storage accounts, and 21% share logins and passwords with families, putting both their personal data and their employers' data at risk. And only 50% of these users take even basic security precautions.


6. Social media behavior: dumb and dumber. Social media sites are awash with risk. Fake offers such as free cell phone minutes accounted for the largest number of attacks on Facebook users in 2013: 81% in 2013 compared to 56% in 2012. And although 12% of social media users say someone has hacked into their social network account, a quarter of them still share passwords with others and connect with people they don't know.

7. Attackers are turning to the Internet of Things (IoT). With the Internet seeping into everyday devices, more opportunities are opening up for scammers. Baby monitors, security cameras and routers, smart televisions, cars and medical equipment were hacked in 2013. A bigger concern is attacks against consumer routers by computer worms like Linux.Darlloz. Controlling these devices can push victims to fake websites, usually to steal financial information.

The ISTR concluded with best practices recommendations for businesses, including:

  • Emphasize multiple, overlapping, and mutually supportive defensive systems, including regularly updated firewalls and gateway antivirus, intrusion detection or protective systems.
  • Regularly monitor for network incursion attempts, vulnerabilities and brand abuse.
  • Install the latest versions of endpoint antivirus software.
  • Be aggressive in updating and patching.
  • Ensure regular backups are available.
  • Ensure you have infection and incident response procedures in place.
  • Educate users on basic security protocols.

For a complete copy of the report, go to:

http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_v19_21291018.en-us.pdf
