Data breaches increased, while data loss decrease: Verizon

by CXOtoday Staff    Apr 21, 2011

data lossData loss through cyber attacks decreased sharply in 2010, but the total number of breaches was higher than ever, according to the ‘Verizon 2011 Data Breach Investigations Report.’ These findings demonstrate that businesses and consumers must remain vigilant in implementing and maintaining security practices.

The number of compromised records involved in data breaches investigated by Verizon and U.S. Secret Service dropped from 144 million in 2009 to only 4 million in 2010, representing the lowest volume of data loss since the report’s launch in 2008. Yet this year’s report covers approximately 760 data breaches, the largest caseload to date. In addition, the National High Tech Crime Unit of the Netherlands Policy Agency (KLPD) joined the team this year, allowing the company to provide more insight into cases originating in Europe.

“This year, we witnessed highly automated and prolific external attacks, low and slow attacks, intricate internal fraud rings, countrywide device-tampering schemes, cunning social engineering plots and more. And yet, at the end of day, we found once again that the vast majority of breaches can be avoided without extremely difficult, expensive security measures,” remarked Peter Tippett, VP, security and industry solutions, Verizon.

Approximately one-third of Verizon’s cases originated in either Europe or the Asia-Pacific region, reflecting the global nature of data breaches. The report also found that outsiders are responsible for 92 percent of breaches, although the percentage of insider attacks decreased over the previous year (16 percent versus 49 percent), this is largely due to the huge increase in smaller external attacks. As a result, the total number of insider attacks actually remained relatively constant.

Hacking (50 percent) and malware (49 percent) were the most prominent types of attack, with many of those attacks involving weak or stolen credentials and passwords. For the first time, physical attacks — such as compromising ATMs –appeared as one of the three most common ways to steal information, and constituted 29 percent of all cases investigated.

Tippett added, “It is imperative to implement essential security measures broadly throughout your security infrastructure, whether that is a small home setup or an expansive enterprise infrastructure.”

The company provides a few recommendations for enterprises, highlighting the significance of Focus on essential controls; elimination of unnecessary data; secure remote access services; audit user accounts and monitor users with privileged identity; monitor and mine event logs; and be aware of physical security assets.