Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Security Is Falling Short When It Comes To Dealing With Growing Cyber Attacks

The total number of network breaches are on the rise, although data loss from cyber attacks has decreased significantly, according to two new security studies. Verizon's 2011 Data Breach Investigations Report finds that while data losses declined in 2010, the total number of breaches was "higher than ever." The second study, the Trustwave Global Security Report, analyzed data breach investigations in 2011 and found that customer records continue to be a primary target for attackers, comprising 89% of breached data investigated.

According to Michael Davis, CEO of Chicago-based security consulting firm Savid Technologies and author of the new InformationWeek Report "How to Pick Endpoint Protection,"malware was by far the most common reason for security breaches suffered by respondents to the InformationWeek 2011 Strategic Security Survey. He says they routinely see users dismiss a security prompt or choose to execute a program (which turns out to be malicious) because they are irritated at being interrupted or don't understand the consequences of their actions.

The number of compromised records involved in data breaches investigated by Verizon and the U.S. Secret Service decreased from 144 million in 2009 to only 4 million in 2010, representing the lowest volume of data loss since the report's launch in 2008, Verizon says. By contrast, its report covers about 760 data breaches, which Verizon says is the largest caseload to date. Wade Baker, director, research and intelligence, at Verizon Enterprise Solutions, says that was the most surprising finding. "To go from 385 million in 2008 to less than 4 million a couple of years later is a pretty dramatic decline,'' he says. "That's hands-down the No. 1 thing that surprised me."

The biggest trend, according to Baker, has been the shift in tactics used by organized criminal groups. "They're really in it for the money--not to embarrass you or steal intellectual property ... They're just looking to make a buck." Organized crime groups are especially prevalent in Eastern Europe and South America, he says, and they specialize in offloading records in the black market.

Significantly, both reports found that the food, beverage, hospitality and retail verticals saw the most system breaches. Baker says there has been a decline in the number of records being stolen in the financial sector since many hackers were caught and sent to prison, which "sent a message" and changed the way they calculated risk. Hackers then began targeting smaller companies and settling for smaller batches of data, he says.

"It's very interesting--the hospital and retail standard attack is a very quick attack, where the attacker scans the internet for openings in remote access systems." He says attackers look for well-known user names and passwords that can be easily compromised. "These organizations don't have very strong security mechanisms."

The Verizon report also found that outsiders are responsible for 92% of breaches, a significant increase from the 2010 findings.

  • 1