Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Verizon study: Number of data breaches increased in 2010

Less data stolen despite greater number of thefts, report shows

Article comments

Criminals carried out a greater number of smaller data thefts last year than in previous years, indicating a shift toward simpler exploits that run a lower risk of punishment, according to Verizon's latest data breach report.

In 2010 the number of breaches skyrocketed to 760 from 141 the year before, according to the 2011 Verizon Data Breach Investigation Report. At the same time, the number of actual records compromised by the breaches plummeted from 144 million in 2009 to four million in 2010.

On average, then, in 2009 the number of records stolen per breach was about 1.02 million. For 2010 that number was 5,263.

What's going on? The type of data being sought by criminals shifted from payment card numbers to intellectual property, information about business processes and deals being made between businesses, says David Ostertag, global investigations manager for Verizon.

"With intellectual property they may get one record but it will have a much higher value than one payment card record," Ostertag says.

In cases where payment card information was stolen, the number of records taken per breach was much less, indicating that criminals are trying to minimise the attention they draw, he says. "There's less chance of being caught because fewer resources are being applied to catch them," he says.

However, that may already be changing with early results from 2011 indicating a surge in high-volume data breaches. The motivation may be that stockpiles of stolen card data have been depleted over the past year and more are needed to replenish them. "Supply and demand has a lot to do with it," he says. "The bad guys need a new supply."

Also anecdotally, there seems to be a recent uptick in unauthorised peer-to-peer traffic on networks, Ostertag says, which could be criminals doing research and development on ways to send data out once it has been compromised.

"They're better at getting in but not at exfiltrating the data," he says.

Threats from outside businesses has also jumped dramatically from 70 percent to 92 percent, which may be due to commoditised attack tools that are simpler to use and therefore used more often,  he says.

Hospitality, retail and financial services industries accounted for 87 percent of all the investigated data breaches.

In previous years, financial institutions accounted for 90 percent or more of compromised records, but that fell dramatically in 2010 to 35 percent. The reason is some breaches in past years that involved millions of records were from financial institutions. Also, criminals may be focussing more on thefts other than credit card numbers. These include theft of intellectual property, authentication data and turning machines into bots to serve botnets, the report says.

One deceptive result is the 17 percent of attacks involving insiders. That is a drop from 48 percent in 2009, but the actual number of insider breaches remains about the same. So the threat to businesses from insiders has stayed relatively constant; it's just the total number of breaches that has dramatically increased to skew the percentage, says

Mobile devices have not been seen compromising systems, Ostertag says, but they have been used in compromising data.



Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *