October 26, 2012 – Data breaches in 2011 reached near-record highs, with the majority attacking enterprises based primarily on opportunity, according to a new data security analysis from telecommunications provider Verizon.
The analysis covered 855 data security “incidents” at enterprises, consisting of 174 million compromised records, which was the second-highest total since Verizon started annual reviews in 2004. Working with international government criminal investigation agencies on the report, Verizon found most breaches were caused by financially motivated organized crime groups “which typically attack smaller, low-risk targets to obtain personal and payment data for various fraud schemes,” according to the report. Ninety-eight percent of breaches came from external agents, with a single-digit percentage of collusion with internal employees or business partners, according to the report. Verizon tied 58 percent of breaches to groups associated with some degree of activism. The report indicated that 79 percent of breaches were based on opportunity rather than choice.
“Mainline cybercriminals continued to automate and streamline their method du jour of high-volume, low-risk attacks against weaker targets. Much less frequent, but arguably more damaging, were continued attacks targeting trade secrets, classified information, and other intellectual property,” report authors wrote.
Data includes investigations of 60 health care breaches that occurred during the past two years, the bulk of which occurred in outpatient facilities. Most of the attacks involve hacking and malware, with a focus on point-of-sale systems. These can be prevented by changing administrative passwords on POS systems, implementing a firewall, avoiding using the POS to browse the Web, and making sure the devices are Payment Card Industry Data Security Standard compliant.
The Verizon report also gives a primer on various types of attacks, describing how each attack works, how to detect its presence and how to mitigate it, including:
- Implement a firewall or ACL on remote access services
- Change default credentials of POS systems and other Internet-facing devices
- If a third party vendor is handling the two items above, make sure they’ve actually done them
For Larger Enterprises
- Eliminate unnecessary data; keep tabs on what’s left
- Ensure essential controls are met; regularly check that they remain so
- Monitor and mine event logs
- Evaluate your threat landscape to prioritize your treatment strategy
- Refer to the conclusion of this report for indicators and mitigators for the most common threats
The Data Breach Investigations Report is available here.
Information-Management.com Senior Editor Justin Kern contributed to this report. It originally appeared at Health Data Management.