/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsBASKING RIDGE, USA: More electronic records were breached in 2008 than the previous four years combined, according to the '2009 Verizon Business Data Breach Investigations Report' (DBIR) released on Wednesday.
This increase is fueled by a targeting of the financial services industry and a strong involvement of organized crime, said the report.
Verizon said the study is based on data analyzed from Verizon Business' actual caseload comprising 285 million compromised records from 90 confirmed breaches.
According to the report, corporations fell victim to some of the largest cybercrimes ever during 2008. The financial sector accounted for 93 per cent of all such records compromised last year, and 90 per cent of these records involved groups identified by law enforcement as engaged in organized crime.
Verizon Business investigative experts said that nearly nine out of 10 breaches were considered avoidable if security basics had been followed. Mistakes and oversight failures hindered security efforts more than a lack of resources at the time of the breach.
According to the study, highly sophisticated attacks account for only 17 per cent of breaches. However, these relatively few cases accounted for 95 percent of the total records breached - proving that motivated hackers know where and what to target, it added.
"The compromise of sensitive information increased dramatically in 2008, and it's past time to be vigilant about enterprise security," said Dr. Peter Tippett, vice president of research and intelligence for Verizon Business Security Solutions.
He said this report should serve as another wake-up call that good security and a proactive approach are paramount to running a business in this day and age, particularly since the economic crisis is likely to trigger a further increase in criminal activity.
Key findings
Most data breaches investigated were caused by external sources. Seventy-four per cent of breaches resulted from external sources, while 32 per cent were linked to business partners. Only 20 per cent were caused by insiders, a finding that may be contrary to certain widely held beliefs.
Most breaches resulted from a combination of events rather than a single action. Sixty-four percent of breaches were attributed to hackers who used a combination of methods.
In 69 per cent of cases, the breach was discovered by third parties.
During the last five years, relatively few victims have discovered their own breaches.
Despite widespread concern over desktops, mobile devices, portable media and the like, 99 per cent of all breached records were compromised from servers and applications, it added.
State of cybercrime
As the cybercrime market continues to evolve, so do the targets, techniques and types of attackers, said the Verizon report.
The big money is now in stealing personal identification number (PIN) information together with associated credit and debit accounts. In 2008, Verizon Business witnessed an explosion of attacks targeting PIN data, to withdraw cash directly from the consumer's account.
"We have a great deal of evidence that malicious activity from Eastern Europe is the work of organized crime," Tippett added.
While the retail industry continues to be the most frequently targeted, accounting for a third of all cases, the biggest rise was in financial services, which more than doubled its share to 30 per cent, said the report.
But more importantly, the financial sector accounted for more than nine out of 10 of the more than 285 million records compromised.
The report observed that the increase in data breaches in the financial sector reflects the recent trends in cybercriminal activity, especially the focus on acquiring PINs to sell them on the black market.
“While the majority of attacks remain rather mundane, the criminals are adapting to our current protection strategies and inventing new ways to attain the data they value," said Tippett.