2011 Data Breach Investigations Report

By: Absolute Team | 4/22/2011

Verizon has just released its 2011 Data Breach Investigations Report looking at the breaches recorded by Verizon and the US Secret Service for 2010.

Following our analysis of the 2010 report and the 2009 report, the 2011 report shows that the total number of data breaches reached an all-time high in 2010 with 760 breaches. However, the breaches mostly affected smaller record numbers (<10,000), dropping the number of compromised records from 144 million in 2009 to 4 million in 2010. Due to the record number of actual breaches, businesses should not consider the drop in compromised records a "win." Rather, this is a change of tactics by cybercriminals:

"They are engaging in small, opportunistic attacks rather than large-scale, difficult attacks and are using relatively unsophisticated methods to successfully penetrate organizations. For example, only 3 percent of breaches were considered unavoidable without extremely difficult or expensive corrective action."

Of interest, because of the change in tactics, there was a big jump in the number of breaches caused by outsiders (92%). The percentage of insider attacks decreased to 16% versus 49%, but this is misleading because the total number of insider attacks actually remained relatively constant.

The data shows that physical attacks and stolen passwords / credentials are both serious areas of concern. For the rest of the report, and enterprise recommendations, read here.

Financial Services