Verizon: Breaches In ’08 Outnumber Previous Four Years Combined
SecurityProNews Staff Writer
2009-04-16
Verizon investigated 90 confirmed data breaches in 2008 and discovered that an astonishing 285 million records were compromised, more than in the previous four years combined. In addition, the vast majority of breaches could have been avoided.
While many breach reports focus on internal breaches, and internal breaches account for the highest median losses, three quarters of breaches are executed by external sources. Nearly a third (32 percent) appeared to originate with business partners, and 39 percent resulted from collusion among multiple internal and external partners.
In short, breaches came from everywhere last year, and from people within companies' circles of trust. Since 91 percent of all breached records were linked to organized criminal gangs, it would be interesting to know how much overlap there is regarding business partners and insiders colluding with cybermafias.
Nearly all breaches (98 percent) shared at least one of three characteristics: thieves were aided by the target's error in security practices (67 percent); the target's network was hacked (64 percent); and malware was used to collect data (38 percent). A minority of breaches were the result of the misuse of privileges (22 percent) or direct, physical attacks (9 percent).
Typically, hackers get in by using default credentials for remote access and by SQL injection. Verizon says the percentage of customized malware used in these attacks more than doubled in 2008.
Though payment card industry breaches have gotten a lot of press lately, Verizon says 81 percent of victims last year were from other industries, and very nearly all of them (99.9 percent) had records compromised from servers and applications.
Most companies that suffered breaches did so because of simple neglect of security procedures and, worse, were unable to detect the breaches themselves. Verizon deemed 83 percent relatively easy, considered 87 percent avoidable through simple or intermediate controls, and found that nearly 70 percent were discovered not by the victims but by third parties.
Among the more detailed recommendations in the report's conclusion, Verizon advises companies seeking to avoid future breaches to ensure essential controls are met; find, track, and assess data; collect and monitor event logs; audit user accounts and credentials; and test and review web applications.
About the Author:
SecurityProNews is a daily online and email publication focusing on internet security issues.