June 16, 2008 By News Report
Nearly nine in 10 data breaches could have been prevented had reasonable security measures been in place, according to a comprehensive report issued today by Verizon Business. The study also provides key recommendations to help organizations protect themselves and urges them to be proactive.
The "2008 Data Breach Investigations Report" spans four years and more than 500 forensic investigations involving 230 million records, and analyzes hundreds of corporate breaches including three of the five largest ones ever reported. This study also found that 73 percent of breaches resulted from external sources versus 18 percent from insider threats, and most breaches resulted from a combination of events rather than a single hack or intrusion.
Some of the findings may be contrary to widely held beliefs, such as the idea that insiders are responsible for most breaches. Key findings include:
Black Market for Stolen Data Driving Breaches
The study shows that there is a growing worldwide black market for stolen data. The breaches investigated represent a broad spectrum of industries. The retail and food and beverage industries account for more than half of all cases investigated. By contrast, financial services -- an industry with great monetary assets that are also typically well-protected, especially when compared to other sectors -- accounted for 14 percent of breaches studied.
The study's findings show a marked increase in the number and type of international incidents. For example, attacks from Asia, particularly in China and Vietnam, often involve application exploits leading to data compromise, while defacements frequently originate from the Middle East. Internet protocol (IP) addresses from Eastern Europe and Russia are commonly associated with the compromise of point-of-sale systems.
Making this crime even more attractive is the lucrative black market for stolen data. This social network enables criminals to work with one another to find vulnerable systems, compromise data and commit large-scale identity fraud. Within this network, the report finds, criminal conglomerates maintain access to hackers, fraudsters, and other organized crime groups.
Recommendations for Enterprises