Verizon 2011 Data Breach Investigation Report Summary

Thursday, March 22, 2012

Headlines

69dafe8b58066478aea48f3d0f384820

The newly released Verizon 2011 Data Breach Investigation Report notes that "2011 boasts the second-highest data loss total since we started keeping track in 2004."

The report illustrates the diverse nature con complex mix of motivations that are behind the majority of data loss events.

"We certainly encountered many faces, varied tactics, and diverse motives in the past year, and in many ways, the 2012 Data Breach Investigations Report (DBIR) is a recounting of the many facets of corporate data theft. The online world was rife with the clashing of ideals, taking the form of activism, protests, retaliation, and pranks. While these activities encompassed more than data breaches (e.g., DDoS attacks), the theft of corporate and personal information was certainly a core tactic." the report states.

Hacktivism activity emerged as a leading motivation in major data loss events and exposure of sensitive information in 2011, and the unpredictable nature of the criteria for targeting organizations created a heightened level of uncertainty, according to the report.

"This re-imagined and re-invigorated specter of “hacktivism” rose to haunt organizations around the world. Many, troubled by the shadowy nature of its origins and proclivity to embarrass victims, found this trend more frightening than other threats, whether real or imagined. Doubly concerning for many organizations and executives was that target selection by these groups didn’t follow the logical lines of who has money and/or valuable information. Enemies are even scarier when you can’t predict their behavior," the DBIR states.

Nonetheless, organized cyber crime activity remains a priority threat to the security of sensitive information, according to the Verizon report.

"Mainline cybercriminals continued to automate and streamline their method du jour of high-volume, low-risk attacks against weaker targets. Much less frequent, but arguably more damaging, were continued attacks targeting trade secrets, classified information, and other intellectual property."

While the data from 2010 showed a sharp decline in the number of exposed records, 2011's numbers indicate the dip was short-lived.

"The number of compromised records across these incidents skyrocketed back up to 174 million after reaching an all-time low (or high, depending on your point of view) in last year’s report of four million," the report notes.

(click image to enlarge)

verizondbir

Key Findings in the Verizon 2011 Data Breach Investigation Report:

Offenders:

  • 98% stemmed from external agents (+6%)
  • 4% implicated internal employees (-13%)
  • <1% committed by business partners
  • 58% of all data theft tied to activist groups

Tactics:

  • 81% utilized some form of hacking (+31%)
  • 69% incorporated malware (+20%)
  • 10% involved physical attacks (-19%)
  • 7% employed social tactics (-4%)
  • 5% resulted from privilege misuse (-12%)

Commonalities:

  • 79% of victims were targets of opportunity (-4%)
  • 96% of attacks were not highly difficult (+4%)
  • 94% of all data compromised involved servers (+18%)
  • 85% of breaches took weeks or more to discover (+6%)
  • 92% of incidents were discovered by a third party (+6%)
  • 97% of breaches were avoidable through simple or intermediate controls (+1%)
  • 96% of victims subject to PCI DSS had not achieved 96% of victims subject to PCI DSS had not achieved

Source:  www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf?

Possibly Related Articles:
11932
Breaches
Data Loss breaches Enterprise Security Cyber Crime Headlines report Verizon Hacktivist DBIR 2011 Verizon Breach Report
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.