Verizon released the latest edition of its Data Breach Investigation Report (DBIR) series last week, and the results are a rather interesting mixed bag.
On the one hand, the total data lost through cyber attacks decreased dramatically in 2010. However, the study also found that the overall number of breaches was higher than ever before.
According to Verizon, the seeming contradiction between the low data loss and the high number of breaches likely stems from a significant decline in large-scale breaches, caused by a change in tactics by cybercriminals. Apparently, cybercriminals now tend to engage in small, opportunistic attacks rather than large-scale, difficult attacks, and they are using relatively unsophisticated methods to successfully penetrate organizations. As Verizon points out, only 3 percent of breaches were considered unavoidable without extremely difficult or expensive corrective action.
Here are a few of the report's key findings in more detail:
Volume of data loss plummeted; number of data breaches climbed. The number of compromised records involved in data breaches dropped from 144 million in 2009 to only 4 million in 2010 that's the lowest volume of data loss since the report's launch in 2008. Yet this year's report covers approximately 760 data breaches and that's the largest caseload to date.
Outsider responsibility rose. Outsiders were responsible for 92 percent of breaches, a significant increase from the 2010 findings. Although the percentage of insider attacks decreased significantly over the previous year (16 percent versus 49 percent), Verizon says this is largely due to the huge increase in smaller external attacks. As a result, the total number of insider attacks actually remained relatively constant.
Physical attacks increased. After doubling as a percentage of all breaches in 2009, attacks involving physical actions doubled again in 2010. Physical attacks include manipulating common credit-card devices such as ATMs, gas pumps and point-of-sale terminals, and Verizon's data indicates that organized crime groups are responsible for most of these card-skimming schemes.
Hacking and malware is the most popular attack method. Malware was a factor in about half of the 2010 caseload and was responsible for almost 80 percent of lost data. The most common kinds of malware found in the caseload were those involving sending data to an external entity, opening backdoors, and keylogger functionalities.
Stolen passwords and credentials are out of control. In the report, Verizon concludes that ineffective, weak or stolen credentials continue to "wreak havoc" on enterprise security. Failure to change default credentials remains a key issue, particularly in the financial services, retail and hospitality industries.
Verizon's intriguing DBIR series now spans seven years and more than 1,700 breaches involving more than 900 million compromised records, making it the most comprehensive and illuminating study of its kind. For additional information, see the Verizon 2011 Data Breach Investigations Report.