Verizon Security Report: Data Breaches At New Highs In 2010
According to a new report by Verizon and the U.S. Secret Service, a record number of data breaches were reported in 2010, though the number of compromised records dropped dramatically to 4 million in 2010 from 144 million in 2009.
That the "all-time lowest amount of data loss" was recorded alongside the "all-time highest amount of incidents investigated" presents a strange juxtaposition. The report conjectures that the most likely reason for the disparity is that cyber criminals are penetrating security breaches by pursuing smaller, "opportunistic" attacks rather than large-scale attacks.
Indeed, 96 percent of all breaches would reportedly have been avoidable without having to use extremely difficult or expensive actions to stop them. Furthermore, 83 percent of the victims were hit by "opportunistic" attacks, meaning that the criminals exploited obvious vulnerabilities in the systems.
Most breaches--92 percent--originated from external agents, rather than from employees (or other insiders) of the companies breached.
The two most commonly reported methods of exploiting a security breach were hacking and malware attacks. Physical attacks, such as manipulating ATMs or gas pumps, were the third most reported breaches in 2010, the first year such attacks have raked so high. These physical attacks are thought to be carried out mainly by organized crime groups.
Yet, as the report emphasized, many of these breaches could have been avoided, had the companies involved practiced safer security procedures. What's more, much of the compromised information obtained through these breaches came from data companies that were unaware of their systems' weaknesses. Obvious problem areas include vulnerabilities like weak passwords and credentials, and simple ignorance.
Verizon recommends that companies first ensure that essential controls are implemented not just in high-security areas, but across all data. The report went on to say that unnecessary data should be destroyed, remote access services limited, and users audited before being granted access to privileged areas. And as always, simple procedures like monitoring event logs and physical assets can also help stop breaches.