2011 Verizon Data Breach Report
Verizon’s 2011 Data Breach Investigations, a study conducted by the Verizon RISK Team with cooperation from the U.S. Secret Service and the Dutch High Tech Crime Unit.
Verizon’s 2010 Data Breach Report found that the number of data breaches quintupled from 2009, highlighting the shift as cyber-criminals target smaller businesses.
While the number of data breaches soared in 2010, the amount of information lost has dropped dramatically, according to Verizon’s latest data breach survey. The contradiction underscores what some security experts have been saying: attackers are increasingly targeting smaller companies because it’s easier.
Released April 19, the latest “2011 Verizon Data Breach Investigations Report” from Verizon Business counted 760 data breaches in 2010, compared to only 141 data breaches in 2009. Verizon noted a dramatic decline of 97 percent in the number of compromised records in 2010, as compared to 2009.
Among some of the report’s key findings:
- Hacking, at 50 percent, and malware, at 49 percent, are the most prominent types of attack, with many incidents involving weak or stolen credentials and passwords;
- Physical attacks, such as skimming at ATMs, pay-at-the-pump gas terminals and POS systems, for the first time rank among the three most common ways to steal information, comprising 29 percent of all investigated cases;
- Outsiders are responsible for 92 percent of breaches, while the percentage of insider attacks dropped from 49 percent in 2009 to 16 percent in 2010.
Attacks Remain Easy
According to the report, 83 percent of the databases hit in 2010 were targets of opportunity; 92 percent of the attacks were classified as “not highly difficult.”
- 86 percent of the year’s breaches were discovered by third parties;
- 97 percent were avoidable through simple or intermediate controls;
- 89 percent of the corporate or organizational victims were not compliant with the Payment Card Industry Data Security Standard at the time of the hack.