Data loss through cyber attacks decreased sharply in 2010, but the total number of breaches was higher than ever, according to the "Verizon 2011 Data Breach Investigations Report." These findings continue to demonstrate that businesses and consumers must remain vigilant in implementing and maintaining security practices.
The number of compromised records involved in data breaches investigated by Verizon and the U.S. Secret Service dropped from 144 million in 2009 to only 4 million in 2010, representing the lowest volume of data loss since the report's launch in 2008. Yet this year's report covers approximately 760 data breaches, the largest caseload to date.
According to the report, the seeming contradiction between the low data loss and the high number of breaches likely stems from a significant decline in large-scale breaches, caused by a change in tactics by cybercriminals. They are engaging in small, opportunistic attacks rather than large-scale, difficult attacks and are using relatively unsophisticated methods to successfully penetrate organizations. For example, only 3 percent of breaches were considered unavoidable without extremely difficult or expensive corrective action.
The report also found that outsiders are responsible for 92 percent of breaches, a significant increase from the 2010 findings. Although the percentage of insider attacks decreased significantly over the previous year (16 percent versus 49 percent), this is largely due to the huge increase in smaller external attacks. As a result, the total number of insider attacks actually remained relatively constant.
Hacking (50 percent) and malware (49 percent) were the most prominent types of attack, with many of those attacks involving weak or stolen credentials and passwords. For the first time, physical attacks -- such as compromising ATMs -- appeared as one of the three most common ways to steal information, and constituted 29 percent of all cases investigated.
For the second year in a row, the U.S. Secret Service collaborated with Verizon in preparing the report. In addition, the National High Tech Crime Unit of the Netherlands Policy Agency (KLPD) joined the team this year, allowing Verizon to provide more insight into cases originating in Europe. Approximately one-third of Verizon's cases originated in either Europe or the Asia-Pacific region, reflecting the global nature of data breaches.
"Through our Data Breach Investigations Report series, Verizon continues to provide the industry with a first-hand look at cybercrime around the globe," said Peter Tippett, Verizon's vice president of security and industry solutions. "This year, we witnessed highly automated and prolific external attacks, low and slow attacks, intricate internal fraud rings, countrywide device-tampering schemes, cunning social engineering plots and more. And yet, at the end of day, we found once again that the vast majority of breaches can be avoided without extremely difficult, expensive security measures."
Tippett added: "It is important to remember that data breaches can happen to any business -- regardless of size or industry -- or consumer, at any place in the world. A good offense remains the best defense. It is imperative to implement essential security measures broadly throughout your security infrastructure, whether that is a small home setup or an expansive enterprise infrastructure."
U.S. Secret Service Assistant Director A.T. Smith said, "Americans over the past several years have seen the significant impacts data breaches are having on our nation's financial infrastructure. Today, cyber criminals are operating in nearly every civilized nation in the world, exposing Americans' personal information, either stored or transmitted, to substantial risk."
Smith added, "By participating in the Verizon 2011 Data Breach Investigations Report, the Secret Service is working closely with our private-sector partners to educate Americans about the threats of cyber criminals. With the help of our Electronic Crimes Task Force partners, such as Verizon, we are studying technologies and trends to prevent and mitigate attacks against critical financial infrastructure."
The Data Breach Investigation Report (DBIR) series now spans seven years and more than 1,700 breaches involving more than 900 million compromised records, making it the most comprehensive study of its kind.
Key Findings of the 2011 Report
Data from the 2011 report shows that:
- Large-scale breaches dropped dramatically while small attacks increased. The report notes there are several possible reasons for this trend, including the fact that small to medium-sized businesses represent prime attack targets for many hackers, who favor highly automated, repeatable attacks against these more vulnerable targets, possibly because criminals are opting to play it safe in light of recent arrests and prosecutions of high-profile hackers.
- Outsiders are responsible for most data breaches. Ninety-two percent of data breaches were caused by external sources. Contrary to the malicious-employee stereotype, insiders were responsible for only 16 percent of attacks. Partner-related attacks continued to decline, and business partners accounted for less than 1 percent of breaches.
- Physical attacks are on the rise. After doubling as a percentage of all breaches in 2009, attacks involving physical actions doubled again in 2010, and included manipulating common credit-card devices such as ATMs, gas pumps and point-of-sale terminals. The data indicates that organized crime groups are responsible for most of these card-skimming schemes.
- Hacking and malware is the most popular attack method. Malware was a factor in about half of the 2010 caseload and was responsible for almost 80 percent of lost data. The most common kinds of malware found in the caseload were those involving sending data to an external entity, opening backdoors, and keylogger functionalities.
- Stolen passwords and credentials are out of control. Ineffective, weak or stolen credentials continue to wreak havoc on enterprise security. Failure to change default credentials remains an issue, particularly in the financial services, retail and hospitality industries.
Recommendations for Enterprises
The 2011 report found again that the prescription for data breaches is to use simple, essential security practices such as:
- Focus on essential controls. Many enterprises make the mistake of pursuing exceptionally high security in certain areas while almost completely neglecting others. Businesses are much better protected if they implement essential controls across the entire organization without exception.
- Eliminate unnecessary data. If you do not need it, do not keep it. For data that must be kept, identify, monitor and securely store it.
- Secure remote access services. Restrict these services to specific IP addresses and networks, minimizing public access to them. Also, ensure that your enterprise is limiting access to sensitive information within the network.
- Audit user accounts and monitor users with privileged identity. The best approach is to trust users but monitor them through pre-employment screening, limiting user privileges and using separation of duties. Managers should provide direction, as well as supervise employees to ensure they are following security policies and procedures.
- Monitor and mine event logs. Focus on the obvious issues that logs pick up, not the minutiae. Reducing the compromise-to-discovery timeframe from weeks and months to days can pay huge dividends.
- Be aware of physical security assets. Pay close attention to payment card input devices, such as ATMs and gas pumps, for tampering and manipulation.
A complete copy of the 74page "2011 Data Breach Investigations Report" is available by clicking on the link.