Data breach target: You

Don't be the last to find out you're a victim.

Heard about a competitor's security being breached? Then you're probably next. In fact, you may already be owned.

That's the logical conclusion to draw from a new report from Verizon's security services group. It's a follow-up to Verizon's big report in June that sifted through data from more than 500 cases the company was hired to investigate over four years.

This time, Verizon sliced and diced the data for the four biggest industry groups: financial services, technology services, retailers and restaurant chains. That alone makes it useful to IT security people.

For example, in financial and tech services, almost 40 percent of breaches came from the inside, much more than in other groups. Retailers and restaurant chains took months to discover a breach, compared with weeks for tech firms and days for financial companies. And attack techniques varied with each industry: Deceit was big for financial firms, while hacking was huge for retailers and restaurants.

But a few things they all shared: By far, the favorite loot was credit and debit card data. And it was usually a third party, not someone inside the breached company, that discovered the break-in.

All this is worrisome enough. But when I talked to Bryan Sartin, who directs Verizon's investigative response operation and co-authored the new report, he told me something more troubling.

It turns out that attacks -- especially those by organized gangs -- come in waves. For example, starting around 2001, attackers focused on security holes in retailers' and restaurants' payment gateways. Often, they would target a specific company, then try different attacks until one worked -- everything from network hacks to Wi-Fi war driving and even physical trespassing.

Then, in 2003, the style shifted. There were lots of network-based automated attacks -- scanning and SQL injections -- often from compromised servers overseas.

Today, Sartin told me, there's a new pattern: Crooks are targeting companies that use the same software -- say, a particular point-of-sale system. They find a security hole, then track down other businesses that use the same POS system. (That's often as easy as checking the vendor's Web site for reference customers.)

Then crooks can compromise lots of targets in the same industry at once, using exactly the same attack.

See where this leads? If you're using the same software as a competitor who's been hit, chances are good that you're a target too. If an attack worked against him, it probably will work against you.

And if it happens to a competitor of one of your trusted partners, you're in the same situation.

And because it can take months for a breach to be found (usually by an outsider, remember), it's likely that by the time you've heard about that breach, you've already been attacked.

Of course, you probably don't know exactly what software your competitors use. So if you hear about any attack on a competitor, don't waste time gloating. Hit your own logs fast, looking for any unusual activity that could indicate a breach.

And if you haven't heard about a breach among your competition yet, don't relax -- especially if you're in a credit-card-heavy business like retail. Keep scanning logs and watching for signs of a breach. Remember, you are a target.

Don't be the last to find out you're a victim.

Frank Hayes is Computerworld's senior news columnist. Contact him at


Frank Hayes

Computerworld (US)