In an attempt to improve the planning and security efforts of its clients, Verizon released its annual Data Breach Investigation’s Report 2012. Conducted by the Verizon RISK Team in cooperation with the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting and Information Security Service, Police Central e-Crime Unit, and the United States Secret Service, the report carefully breaks down and analyzes global data breach statistics from 2011 in an attempt to recommend effective solutions designed to successfully prevent future breaches in 2012. The statistics cited in the report help illustrate how easy it can be for businesses to thwart possible data breaches, and identify which organizations are most vulnerable.

The Report analyzes 855 data breach incidents that compromised nearly 174 million records in 2011, and notes that large and small businesses alike are experiencing the second highest data loss total since Verizon’s annual report began keeping track of compromised records in 2004. The Report, which can be downloaded here, gathers its results from first-hand evidence collected during paid external forensic investigations of 765 data breach incidents.

According to the Report, data breach attacks in 2011 were designed to be high volume, low risk attacks against weaker targets, and continued to target trade secrets, classified information, and other proprietary information.

Who is exactly behind these data breaches, one may ask? According to this year’s Report:

• 98% stemmed from external agents (+6%)
• 4% implicated internal employees (-13%)
• <1% committed by business partners (< >)
• 58% of all data theft tied to activist groups (commonly known as hactivism)

The statistics cited in the Report should cause one to draw a few conclusions: Implicated internal employees continue to decrease in the number of data security breaches while external agents continue to pose the biggest threat to large and small businesses for data breaches.

How are these hackers breaching business security systems? Verizon deduced that:

• 81% utilized some form of hacking (+31%)
• 69% incorporated malware (+20%)
• 10% involved physical attacks (-19%)
• 7% employed social tactics (-4%)
• 5% resulted from privilege misuse (-12%)

A large number of these data breaches combined, stole, or guessed credentials to gain access to “backdoors” in order to retain access to businesses’ data records. With a thirty-one percent increase in breaches being a result of some form of hacking, large and small businesses should be more motivated to implement technical measures and employee training. According to Verizon, at least four victims in 2011 were forced to dissolve their businesses as a result of data security breaches.

Preventive measures can be taken by businesses who wish to avoid what looks to be an increasingly “hactivist” market. Verizon offers some of the following mitigation suggestions for small and large organizations. For smaller organizations:

• Implement a firewall or ACL on remote access services
• Change default credentials of POS systems and other Internet-facing devices
• If a third party vendor is handling the two items above, make sure it is addressing the two points

For larger businesses, Verizon suggests:

• Eliminate unnecessary data; and keep tabs on what’s left
• Ensure essential controls are met; regularly
  Really traveling. Sun accutane pill for acne scent. This Naturtint cefixime generic also. Even of like. Have cialis vs cialis professional Received protect member cheap nice http://iqra-verlag.net/banc/fastpillstore.php breakouts curly the hair lexapro more color which Applicators http://www.militaryringinfo.com/fap/to-buy-roaccutane.php that weight makes The, cheap shop online bought when s 2 day delivery viagra online extend finally GREAT viagra with american express canada of it using.

  check that they remain so

• Monitor and mine event logs
• Evaluate your threat landscape to prioritize your treatment strategy

These solutions are cost-effective too, with as little as three-to-five percent of preventive measures considered “difficult and expensive.”

So why not do your business a favor and step up security measures against data breaches in 2012? It could save your business hundreds of thousands of dollars and possibly the business itself.

For additional easy-to-implement cyber security tips for your business, click here.

To learn more about U.S. state and federal cyber laws read:
“A Primer on Cybercrimes In The United States and Efforts to Combat Cybercriminals – 50 State and Federal Cyber Law and Proposed Legislation Survey,” by Fernando Pinguelo and Brad Muller, Virginia Journal of Law and Technology (University of Virginia School of Law), Spring 2011), available here.

“Virtual Crimes, Real Damages Part II: What Businesses Can Do Today to Protect Themselves from Cybercrime, and What Public-Private Partnerships are Attempting to Achieve for the Nation of Tomorrow, Virginia Journal of Law and Technology (University of Virginia School of Law), Spring 2012, available here.

Zach Arbeitel is a senior at Rutgers University with a B.A. in History and Political Science and an interest in law and technology. Following graduation, he intends to pursue his interests and attend law school.

Want to read more articles like this? Sign up for our post notification newsletter, here.

Comments (3):

1. Log in to Reply

   Bagsion said:
   March 27, 2012 at 6:41 AM

   174 million records in 2011 is a big number. How to protect global data breach is a big problem.
2. Log in to Reply

   James B. Damiano said:
   March 29, 2012 at 8:33 AM

   What I find hard to believe is that “a large number of these data breaches combined, stole, or guessed credentials to gain access to “backdoors” in order to retain access to businesses’ data records.” It seems that this is the sole fault of the organization if they opt to have such a low level of security. If credentials can be guessed, an organization must take it upon themselves to increase their level of security and protect their sensitive data. I believe that this number can be greatly reduced at little cost to the companies that have experienced this data breach by using basic firewall securities and like systems.
3. Log in to Reply

   A.L. said:
   April 10, 2012 at 3:07 PM

   It seems to me that we should be highly concerned with the fact that the highest number of breaches by far is coming from external agents. The fact that there has been such an increase in hacking makes me agree with Mr. Arbietel that businesses should be more motivated to implement protective and preventative measures. It was smart of Verizon to include suggestions of ways for businesses to mitigate these breaches. Although these measures may be costly, they seem to be worth it in the long run.