Verizon study: data breaches quintupled in 2010

In 2010 the number of breaches skyrocketed to 760 from 141 the year before, according to the "2011 Verizon Data Breach Investigation Report"
  • (Network World)
  • — 19 April, 2011 15:04

Criminals carried out more but smaller data thefts last year than in previous years, indicating a shift toward simpler exploits that run lower risk of punishment, according to Verizon's latest data breach report.

In 2010 the number of breaches skyrocketed to 760 from 141 the year before, according to the "2011 Verizon Data Breach Investigation Report".  At the same time the number of actual records compromised by the breaches plummeted from 144 million in 2009 to 4 million in 2010.

TIPS: Verizon's 12-Step security program

On average, then, in 2009 the number of records stolen per breach was about 1.02 million. For 2010 that number was 5,263.

What's going on? The type of data being sought by criminals shifted from payment card numbers to intellectual property, information about business processes and deals being made between businesses, says David Ostertag, global investigations manager for Verizon.

"With intellectual property they may get one record but it will have a much higher value than one payment card record," Ostertag says.

In cases where payment card information was stolen, the number of records taken per breach was much less, indicating that criminals are trying to minimize the attention they draw, he says. "There's less chance of being caught because fewer resources are being applied to catch them," he says.

That may already be changing, though, with early results from 2011 indicating a surge in high-volume data breaches. The motivation may be that stockpiles of stolen card data have been depleted over the past year and more are needed to replenish them. "Supply and demand has a lot to do with it," he says. "The bad guys need a new supply."

HISTORY: Smartphone security follies

Also anecdotally, there seems to be a recent uptick in unauthorized peer-to-peer traffic on networks, Ostertag says, which could be criminals doing research and development on ways to send data out once it has been compromised.

"They're better at getting in, but not at exfiltrating the data," he says.

Threats from outside businesses has also jumped dramatically from 70% to 92%, which may be due to commoditized attack tools that are simpler to use and therefore used more often,  he says.

Hospitality, retail and financial services industries accounted for 87% of all the investigated data breaches.

Financial institutions in previous years accounted for 90% or more of compromised records, but that fell dramatically in 2010 to 35%. The reason is some breaches in past years that involved millions of records were from financial institutions. Also, criminals may be focusing more on other thefts than credit card numbers. These include theft of intellectual property, authentication data, and turning machines into bots to serve botnets, the report says.

One deceptive result is the 17% of attacks involving insiders. That is a drop from 48% in 2009, but the actual number of insider breaches remains about the same. So the threat to businesses from insiders has stayed relatively constant; it's just the total number of breaches that has dramatically increased to skew the percentage, says

Mobile devices have not been seen compromising systems, Ostertag says, but they have been used in compromising data.

Read more about wide area network in Network World's Wide Area Network section.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tim Greene

Network World
Topics: security, legal, data breach, anti-malware, cybercrime
Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Compare & Save

Deals powered by WhistleOut
WhistleOut

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?