2010 Verizon Data Breach Report
The 2010 Verizon and U.S. Secret Service breach report is full of enlightening facts, figures and statistics. I highly recommend you read it cover to cover. It breaks down the breaches by demographic, threat agents, threat actions, attack difficulty and targeting, vertical, and time span. It also compares how PCI compliance affected the number and severity of breaches. This is the first year that Verizon has teamed up with the Secret Service to expand reporting on breach incidents. This reporting is highly regarded as a source for intrusions into the customers of Verizon’s widely adopted communications services. DBIR series now spans six years, 900+ breaches, and over 900 million compromised records.
https://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf
Highlights:
- Who is behind Data Breaches?
70% resulted from external agents (-9%)
48% were caused by insiders (+26%)
11% implicated business partners (-23%)
27% involved multiple parties (-12%)
- How Do Breaches Occur?
48% involved privilege misuse (+26%)
40% resulted from hacking (-24%)
38% utilized malware (<>)
28% employed social tactics (+16%)
15% comprised physical attacks (+6%)
- What commonalities exist?
- 98% of all data breached came from servers (-1%)
85% of attacks were not considered highly difficult (+2%)
61% were discovered by a third party (-8%)
86% of victims had evidence of the breach in their log files
96% of breaches were avoidable through simple or intermediate controls (+9%)
79% of victims subject to PCI DSS had not achieved compliance
Older Reports:
2009: https://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf
2008: https://www.verizonbusiness.com/resources/security/databreachreport.pdf