2011 Verizon Data Breach Report

April 19, 2011March 22, 2018 by Infostruction

No Comments

Verizon’s 2011 Data Breach Investigations, a study conducted by the Verizon RISK Team with cooperation from the U.S. Secret Service and the Dutch High Tech Crime Unit.

Verizon’s 2010 Data Breach Report found that the number of data breaches quintupled from 2009, highlighting the shift as cyber-criminals target smaller businesses.

While the number of data breaches soared in 2010, the amount of information lost has dropped dramatically, according to Verizon’s latest data breach survey. The contradiction underscores what some security experts have been saying: attackers are increasingly targeting smaller companies because it’s easier.

Released April 19, the latest “2011 Verizon Data Breach Investigations Report” from Verizon Business counted 760 data breaches in 2010, compared to only 141 data breaches in 2009. Verizon noted a dramatic decline of 97 percent in the number of compromised records in 2010, as compared to 2009.

Among some of the report’s key findings:

Hacking, at 50 percent, and malware, at 49 percent, are the most prominent types of attack, with many incidents involving weak or stolen credentials and passwords;

Physical attacks, such as skimming at ATMs, pay-at-the-pump gas terminals and POS systems, for the first time rank among the three most common ways to steal information, comprising 29 percent of all investigated cases;

Outsiders are responsible for 92 percent of breaches, while the percentage of insider attacks dropped from 49 percent in 2009 to 16 percent in 2010.

Attacks Remain Easy
According to the report, 83 percent of the databases hit in 2010 were targets of opportunity; 92 percent of the attacks were classified as “not highly difficult.”

86 percent of the year’s breaches were discovered by third parties;

97 percent were avoidable through simple or intermediate controls;

89 percent of the corporate or organizational victims were not compliant with the Payment Card Industry Data Security Standard at the time of the hack.

Download the 2011 Data Breach.

2010 Verizon Data Breach Report

The 2010 Verizon and U.S. Secret Service breach report is full of enlightening facts, figures and statistics. I highly recommend you read it cover to cover. It breaks down the breaches by demographic, threat agents, threat actions, attack difficulty and targeting, vertical, and time span. It also compares how PCI compliance affected the number and severity of breaches. This is the first year that Verizon has teamed up with the Secret Service to expand reporting on breach incidents. This reporting is highly regarded as a source for intrusions into the customers of Verizon’s widely adopted communications services. DBIR series now spans six years, 900+ breaches, and over 900 million compromised records.

Highlights:

Who is behind Data Breaches?

70% resulted from external agents (-9%)
48% were caused by insiders (+26%)
11% implicated business partners (-23%)
27% involved multiple parties (-12%)

How Do Breaches Occur?

48% involved privilege misuse (+26%)
40% resulted from hacking (-24%)
38% utilized malware (<>)
28% employed social tactics (+16%)
15% comprised physical attacks (+6%)

What commonalities exist?

98% of all data breached came from servers (-1%)
85% of attacks were not considered highly difficult (+2%)
61% were discovered by a third party (-8%)
86% of victims had evidence of the breach in their log files
96% of breaches were avoidable through simple or intermediate controls (+9%)
79% of victims subject to PCI DSS had not achieved compliance

Older Reports: