2010 Data Breach Report Finds More Insider Threats
The 2010 Verizon Data Breach Investigations Report, based on collaboration with the US Secret Service, has found that breaches of electronic records last year involved more insider threats, greater use of social engineering and the continued strong involvement of organised criminal groups.
The study also noted that the overall number of breaches investigated last year declined from the total for the previous year – “a promising” indication, the study said.
The report cited stolen credentials as the most common way of gaining unauthorised access into organisations in 2009, pointing once again to the importance of strong security practices both for individuals and organisations. Organised criminal groups were responsible for 85% of all stolen data last year, the report said.
Verizon Business investigative experts found, as they did in the company’s prior data breach reports, that most breaches were considered avoidable if security basics had been followed. Only 4% of breaches assessed required difficult and expensive protective measures.
The 2010 report concluded that being prepared remains the best defence against security breaches. For the most part, organisations still remain sluggish in detecting and responding to incidents. Most breaches (60%) continue to be discovered by external parties and then only after a considerable amount of time. And while most victimised organisations have evidence of a breach in their security logs, they often overlook them due to a lack of staff, tools or processes.
The collaboration with the Secret Service enabled this year’s Data Breach Investigations Report to provide an expanded view of data breaches over the last six years. With the addition of Verizon’s 2009 caseload and data contributed by the Secret Service – which investigates financial crimes – the report covers 900-plus breaches involving more than 900 million compromised records.
Michael Merritt, Secret Service assistant director for investigations, said: “The Secret Service believes that building trusted partnerships between all levels of law enforcement, the private sector and academia has been a proven and successful model for facing the challenges of securing cyberspace. It is through our collaborative approach with established partnerships that the Secret Service is able to help expand the collective understanding of breaches and continue to augment our advanced detection and prevention efforts.”
Key Findings of the 2010 Report
This year’s key findings both reinforce prior conclusions and offer new insights. These include: