2011 No Better When It Comes To Data Breach

The latest data breach news is far from positive. We reported on this subject in 2009, and it’s the same story in 2011. Data systems are still proving to pose security challenges. Over the last few months, we’ve seen issues with major banks and institutions such as Citigroup’s Japanese card unit, and the Bank of America employee who was arrested for selling customer information along with Kroger, Mercantile Stores, and Sony’s PlayStation Network, among others.

The fourth installment of the DBIR series (sixth if the ?08 and ?09 mid-year supplements are counted.

A spokesperson for DBIR states, "We are also very glad to have the USSS back with us for the 2011 DBIR. Additionally, we have the pleasure of welcoming the NHTCU to the team. Through this cooperative effort, we had the privilege and challenge of examining about 800 new data compromise incidents since our last report. To put that in perspective, the entire Verizon-USSS dataset from 2004 to 2009 numbered just over 900 breaches. We very nearly doubled the size of our dataset in 2010 alone!

"With the addition of Verizon‘s 2010 caseload and data contributed from the USSS and NHTCU, the DBIR series now spans 7 years, 1700+ breaches, and over 900 million compromised records. We continue to learn a great deal from this ongoing study and we?re glad to have the opportunity once again to share these findings with you. As always, our goal is that the data and analysis presented in this report prove helpful to the planning and security efforts of our readers. We also hope you just enjoy reading it."

It only gets worse because more electronic records were breached in 2008 than the previous four years combined, fueled by a targeting of the financial services industry and a strong involvement of organized crime, according to the "2009 Verizon Business Data Breach Investigations Report" (DBIR) released Wednesday (April 15).

This second annual study – based on data analyzed from Verizon Business’ actual caseload comprising 285 million compromised records from 90 confirmed breaches – revealed that corporations fell victim to some of the largest cyber crimes ever during 2008. The financial sector accounted for 93 percent of all such records compromised last year, and a staggering 90 percent of these records involved groups identified by law enforcement as engaged in organized crime.

Verizon Business investigative experts found, as they did in the company’s first report covering 230 million compromised records from 2004 to 2007, that nearly nine out of 10 breaches were considered avoidable if security basics had been followed. Most of the breaches investigated did not require difficult or expensive preventive controls. The 2009 report concluded that mistakes and oversight failures hindered security efforts more than a lack of resources at the time of the breach.

Similar to the first study’s findings, the latest study found that highly sophisticated attacks account for only 17 percent of breaches. However, these relatively few cases accounted for 95 percent of the total records breached – proving that motivated hackers know where and what to target.

Original story Copyright © 2009  - 

Copyright ©2011