Report Examines Ever-Changing Landscape Of Cyber Attacks
How is this for a contradiction? The 2011 edition of Verizon’s Data Breach Investigations Report, released today, says that data loss through cyber attacks markedly decreased in 2010, but the total number of breaches was higher than ever.
The number of compromised records involved in data breaches investigated by Verizon and the U.S. Secret Service dropped from 144 million in 2009 to just 4 million in 2010. Why the difference? Thank those crafty cybercriminals.
Instead of going for the large-scale breach, criminals are now turning to small, unsophisticated methods to penetrate computer systems. So unsophisticated that only 3 percent of the breaches were considered unavoidable without extremely difficult/expensive corrective action.
And if there was any doubt that IT depends on real-world security, the report also said physical attacks continue to sharply increase. Physical attacks -- like manipulating credit-card devices such as ATMs, gas pumps and point-of-sale terminals -- were the third-most common way to steal data, accounting for 29 percent of investigated cases. Organized crime groups are thought to be behind most of the card-skimming activities.
Two old favorites, hacking and malware, were the most popular attack methods. Malware was a factor in about half of the cases examined and was responsible for a whopping 80 percent of lost data. Some of the most common kinds of malware found sent data to an external entity, opened backdoors and functioned as keyloggers.
Unsurprisingly, the report also calls out the sad state of passwords and credentials, saying that the failure to change default passwords remains an issue -- especially in the financial services, retail and hospitality industries.
The complete report can be found here. Along with being a very interesting read, it does offer a slew of tips for businesses looking to improve security, which by the looks of the report should be taken seriously by everyone.
What do the IT security warriors out there think of the report? Will businesses ever be able to adapt fast enough to fend off cybercrime, or will the battle be ongoing for the near future?
Posted by Brent Dirks on Apr 19, 2011