Report: more breaches but fewer records compromised in 2010

Verizon's fourth edition of its Data Breach Investigations Report finds that although the number of data breaches is up, the number of records compromised in those breaches has fallen dramatically. The report covered 800 new breaches investigated by Verizon and the US Secret Service (the cumulative total for the past three years has been 900) and found that the number of records affected had fallen 361 million in 2008 to 144 million in 2009 to just 4 million in 2010.

The dramatic drop in compromised records may be explained by a change in behaviour by cybercriminals, avoiding high profile, high rish "megabreaches" like the breach of Heartland Payment Systems, or it could be that those breaches have flooded the black market with credit card numbers, pushing their value down. That said, card payment data still accounts for 98% of the data compromised in 78% of all incidents, and a third of those incidents involved physical proximity attacks such as skimming or compromised point of sale equipment.

Other results from the report show that 50% of breaches involved some form of hacking, up 10% on the previous year, and 49% incorporated malware, up 11%. But there was a drop in the use of privilege misuse to 17%, down by 31%; this oddly reflects the drop in insiders implicated in data breaches, also at 17%, down 31%. The Verizon report says that 92% of breaches originated with external agents, up 22%, but less than 1% were due to business partners (down 10%) and only 9% involved multiple parties (down 18%).

Of the breaches, 86% were discovered by a third party, up 25%, with the report estimating that 96% of those breaches were avoidable "through simple or intermediate controls", and that 92% of the attacks were "not highly difficult". 83% of the victims were targets of opportunity, rather than specifically pre-selected by the attackers and when those attacks occured, 76% of all the data was compromised.

Demographically, hospitality organisations saw 40% of the breaches and retail 25%, and together these two sectors were responsible for 56% of the compromised records. Financial services saw 22% of the breaches but account for 35% of the compromised records. The report says it has seen "a virtual explosion of breaches involving smaller organisations"; 436 of the 800 analysed breaches were for organisations with 11 to 100 employees, though this increase also obscures the fact that the report saw a doubling of breaches in organisations with 1,000 to 10,000 employees.

The report concludes that "security woes are not caused by the lack of something new. They almost surely have more to do with not using, underusing or misusing something old". Its recommendations for organisations reflect that, suggesting a focus on essential security. This includes ensuring default credentials are changed, review user accounts, restrict and monitor privileged users, secure remote access services, monitoring and filtering network traffic, better web application testing, better log management and more defined analysis, training about social engineering and spotting tampering and fraud and creating incident response plans and testing those plans.

(djwm)