2010 Data Breach Report Finds More Insider Threats

The 2010 Verizon Data Breach Investigations Report, based on collaboration with the US Secret Service, has found that breaches of electronic records last year involved more insider threats, greater use of social engineering and the continued strong involvement of organised criminal groups.

The study also noted that the overall number of breaches investigated last year declined from the total for the previous year – “a promising” indication, the study said.

The report cited stolen credentials as the most common way of gaining unauthorised access into organisations in 2009, pointing once again to the importance of strong security practices both for individuals and organisations. Organised criminal groups were responsible for 85% of all stolen data last year, the report said.

Verizon Business investigative experts found, as they did in the company’s prior data breach reports, that most breaches were considered avoidable if security basics had been followed. Only 4% of breaches assessed required difficult and expensive protective measures.

The 2010 report concluded that being prepared remains the best defence against security breaches. For the most part, organisations still remain sluggish in detecting and responding to incidents. Most breaches (60%) continue to be discovered by external parties and then only after a considerable amount of time. And while most victimised organisations have evidence of a breach in their security logs, they often overlook them due to a lack of staff, tools or processes.

The collaboration with the Secret Service enabled this year’s Data Breach Investigations Report to provide an expanded view of data breaches over the last six years. With the addition of Verizon’s 2009 caseload and data contributed by the Secret Service – which investigates financial crimes – the report covers 900-plus breaches involving more than 900 million compromised records.

Michael Merritt, Secret Service assistant director for investigations, said: “The Secret Service believes that building trusted partnerships between all levels of law enforcement, the private sector and academia has been a proven and successful model for facing the challenges of securing cyberspace. It is through our collaborative approach with established partnerships that the Secret Service is able to help expand the collective understanding of breaches and continue to augment our advanced detection and prevention efforts.”

Key Findings of the 2010 Report

This year’s key findings both reinforce prior conclusions and offer new insights. These include:

  • Most data breaches investigated were caused by external sources. Sixty-nine percent of breaches resulted from these sources, while only 11% were linked to business partners. Insiders caused 49% of breaches, which is an increase over previous report findings, primarily due in part to an expanded dataset and the types of cases studied by the Secret Service.
  • Many breaches involved privilege misuse. Forty-eight percent of breaches were attributed to users who, for malicious purposes, abused their right to access corporate information. An additional 40% of breaches were the result of hacking, while 28% were due to social tactics and 14 percent to physical attacks.
  • Commonalities continue across breaches. As in previous years, nearly all data was breached from servers and online applications. Eight-five percent of the breaches were not considered highly difficult, and 87% of victims had evidence of the breach in their log files, yet missed it.
  • Meeting PCI-DSS compliance still critically important. Seventy-nine percent of victims subject to the PCI-DSS standard hadn’t achieved compliance prior to the breach.


Related reading