Archive

Archive for the ‘Verizon’ Category

The 2013 Data Breach Investigations Report

April 24, 2013 Comments off

The 2013 Data Breach Investigations Report
Source: Verizon

From press release:

The ‘Verizon 2013 Data Breach Investigations Report’ reveals that large-scale financial cybercrime and state-affiliated espionage dominated the security landscape in 2012. Taking the top spot for all breaches in the 2013 report is financially motived cybercrime (75 percent), with state-affiliated espionage campaigns claiming the No. 2 spot (20 percent). Breaches in the No. 2 spot include cyberthreats aimed at stealing intellectual property — such as classified information, trade secrets and technical resources — to further national and economic interests.

The 2013 DBIR also found that the proportion of incidents involving hacktivists — who act out of ideological motivations or even just for fun — held steady; but the amount of data stolen decreased, as many hacktivists shifted to other methods such as distributed denial of service (DDoS) attacks. These attacks, aimed at paralyzing or disrupting systems, also have significant costs because they impair business and operations.

About these ads

2012 Data Breach Investigations Report

March 26, 2012 Comments off

2012 Data Breach Investigations Report (PDF)
Source: Verizon

2011 will almost certainly go down as a year of civil and cultural uprising . Citizens revolted, challenged, and even overthrew their governments in a domino effect that has since been coined the “arab spring,” though it stretched beyond a single season. Those disgruntled by what they perceived as the wealth-mongering “1%” occupied Wall street along with other cities and venues across the globe. There is no shortage of other examples.

This unrest that so typified 2011 was not, however, constrained to the physical world. The online world was rife with the clashing of ideals, taking the form of activism, protests, retaliation, and pranks. While these activities encompassed more than data breaches (e .g ., DDos attacks), the theft of corporate and personal information was certainly a core tactic. This re-imagined and re-invigorated specter of “hacktivism” rose to haunt organizations around the world. Many, troubled by the shadowy nature of its origins and proclivity to embarrass victims, found this trend more frightening than other threats, whether real or imagined. Doubly concerning for many organizations and executives was that target selection by these groups didn’t follow the logical lines of who has money and/or valuable information. Enemies are even scarier when you can’t predict their behavior.

It wasn’t all protest and lulz, however. Mainline cybercriminals continued to automate and streamline their method du jour of high-volume, low-risk attacks against weaker targets. Much less frequent, but arguably more damaging, were continued attacks targeting trade secrets, classified information, and other intellectual property. We certainly encountered many faces, varied tactics, and diverse motives in the past year, and in many ways, the 2012 Data breach Investigations Report (DbIR) is a recounting of the many facets of corporate data theft.

This year our DbIR includes more incidents, derived from more contributors, and represents a broader and more diverse geographical scope . The number of compromised records across these incidents skyrocketed back up to 174 million after reaching an all-time low (or high, depending on your point of view) in last year’s report of four million . In fact, 2011 boasts the second-highest data loss total since we started keeping track in 2004.

2011 Data Breach Investigations Report

April 19, 2011 Comments off

2011 Data Breach Investigations Report (PDF)
Source: Verizon
From press release:

Data loss through cyber attacks decreased sharply in 2010, but the total number of breaches was higher than ever, according to the “Verizon 2011 Data Breach Investigations Report.” These findings continue to demonstrate that businesses and consumers must remain vigilant in implementing and maintaining security practices.

The number of compromised records involved in data breaches investigated by Verizon and the U.S. Secret Service dropped from 144 million in 2009 to only 4 million in 2010, representing the lowest volume of data loss since the report’s launch in 2008. Yet this year’s report covers approximately 760 data breaches, the largest caseload to date.

According to the report, the seeming contradiction between the low data loss and the high number of breaches likely stems from a significant decline in large-scale breaches, caused by a change in tactics by cybercriminals. They are engaging in small, opportunistic attacks rather than large-scale, difficult attacks and are using relatively unsophisticated methods to successfully penetrate organizations. For example, only 3 percent of breaches were considered unavoidable without extremely difficult or expensive corrective action.

The report also found that outsiders are responsible for 92 percent of breaches, a significant increase from the 2010 findings. Although the percentage of insider attacks decreased significantly over the previous year (16 percent versus 49 percent), this is largely due to the huge increase in smaller external attacks. As a result, the total number of insider attacks actually remained relatively constant.
Hacking (50 percent) and malware (49 percent) were the most prominent types of attack, with many of those attacks involving weak or stolen credentials and passwords. For the first time, physical attacks — such as compromising ATMs –appeared as one of the three most common ways to steal information, and constituted 29 percent of all cases investigated.

Follow

Get every new post delivered to your Inbox.

Join 898 other followers