Financial Industry Accounts for 93 Percent of 285 Million Compromised Records

18/06/2009

Data security breaches are becoming a more common occurance with many more organisations sharing data across the Internet.  Whilst some companies have taken steps to secure their data communications it would appear with the rewards as significant as they are that organised crime is at the heart of many data security losses.  The following is an excerpt from an article on the verizonbusiness.com web site;

Verizon Business 2009 Data Breach Study Finds Significant Rise in Targeted Attacks, Organized Crime Involvement
Financial Industry Accounts for 93 Percent of 285 Million Compromised Records; Most Breaches Avoidable if Proper Precautions Taken

* According to the just-released “2009 Verizon Business Data Breach Investigations Report” (DBIR), corporations fell victim to some of the largest cybercrimes ever during 2008.
* This second annual study – based on data analyzed from Verizon Business’ actual caseload comprising 285 million comprised records from 90 confirmed breaches – revealed that more electronic records were breached in 2008 than the previous four years combined, fueled by a targeting of the financial services industry and a strong involvement of organized crime.
* The financial services sector accounted for 93 percent of all compromised records and a staggering 90 percent of these records involved groups engaged in organized crime.

KEY FINDINGS OF THE 2009 REPORT

This year’s key findings support last year’s conclusions and provide new insights. These include:

* Most data breaches investigated were caused by external sources.
          o 74 percent of breaches resulted from external sources.
          o 32 percent were linked to business partners.
          o 20 percent were caused by insiders, a finding that may be contrary to certain widely held beliefs.

# Most breaches resulted from a combination of events rather than a single action.

* 64 percent of breaches were attributed to hackers who used a combination of methods.
* In most successful breaches, the attacker exploited some mistake committed by the victim, hacked into the network, and installed malware on a system to collect data.

# In 69 percent of cases, the breach was discovered by third parties.

* The ability to detect a data breach when it occurs remains a huge stumbling block for most organizations. Whether the deficiency lies in technology or process, the result is the same.
* During the last five years, relatively few victims discovered their own breaches.

# Nearly all records compromised in 2008 were from online assets.

* Despite widespread concern over desktops, mobile devices, portable media and the like, 99 percent of all breached records were attributable to compromised servers and applications.

# Roughly 20 percent of 2008 cases involved more than one breach.

* Multiple distinct entities or locations were individually compromised as part of a single case, and remarkably, half of the breaches consisted of interrelated incidents often caused by the same individuals.

# Being PCI-compliant is critically important.

* A staggering 81 percent of affected organizations subject to the Payment Card Industry Data Security Standard (PCI-DSS) had been found non-compliant prior to being breached.


The full report can be read here: http://www.verizonbusiness.com/about/news/displaynews.xml?newsid=25282&m...

Pro2col News Room Archive Read our older articles in the news room archive.