Wednesday, August 25, 2010

FW: [NEWSBANK] Verizon Data Breach 2010 Report states 96% of data breaches are avoidable


-------------------------------------------
From: Jovi Umawing (AV-PH)
Sent: Wednesday, August 25, 2010 5:45:36 PM
To: Newsbank
Subject: [NEWSBANK] Verizon Data Breach 2010 Report states 96% of data breaches are avoidable
Auto forwarded by a rule


 

Study: 96% of data breaches avoidable

 

A full 96 percent of data breaches are avoidable through simple or intermediate controls, according to “2010 Data Breach Investigations Report,” research conducted by Verizon’s Business Risk team in cooperation with the U.S. Secret Service (USSS).

The Data Breach Investigations Report analyzed the Verizon Business Risk 2009 caseload and aggregated data contributed from the USSS. The series now spans six years, 900-plus breaches and more than 900 million compromised records, according to the annual study. 

Among the findings:

· 70 percent of data breaches resulted from external agents, down 9 percent from the previous year's report;
· 48 percent were caused by insiders, an increase of 26 percent over the previous year;
· 27 percent involved multiple parties, a 12 percent drop from previous findings; and
· 11 percent implicated business partners, down 23 percent.


“Breaches linked to business partners continued the decline observed in our last report and reached the lowest level since 2004,” the report stated.

The report also stated that the breaches occurred for a variety of reasons, including:

· 48 percent involved privilege misuse, up 26 percent from the previous report;
· 40 percent resulted from hacking, a drop of 24 percent;
· 38 percent utilized malware, roughly the same as in the last report;
· 28 percent employed social tactics, a rise of 16 percent; and
· 15 percent comprised physical attacks, a 6 percent jump.


“Misuse sits atop the list of threat actions leading to breaches in 2009,” although hacking and malware were responsible for more than 95 percent of all data compromised, according to the report. “Weak or stolen credentials, SQL injection and data-capturing, customized malware continue to plague organizations trying to protect information assets. Cases involving the use of social tactics more than doubled and physical attacks like theft, tampering and surveillance ticked up several notches.”

As in previous years, nearly all data (98 percent) were breached from servers and applications, and 96 percent of breaches were avoidable through simple or intermediate controls, an increase of 9 percent, the study found.

Sixty-one percent of breaches were discovered by a third party, down 8 percent from the previous report: “Most breaches are discovered by external parties and only then after a considerable amount of time,” the report stated.

The report recommended that organizations focus mitigation effort on:

· Eliminating unnecessary data and keeping tabs on what’s left;
· Ensuring essential controls are met;
· Testing and reviewing web applications;
· Auditing user accounts and monitoring privileged activity;
· Filtering outbound traffic; and
· Monitoring and mining event logs.


“Our profession has the necessary tools to get the job done. The challenge for us lies in selecting the right tools for the job at hand and then not letting them get dull and rusty over time … The amount of breaches that exploit authentication in some manner is a problem. In our last report it was default credentials; this year it’s stolen and/or weak credentials,” the study stated. “Whatever the reason [for data breaches], we have some work to do here.”

To see the "2010 Data Breach Investigations Report," click here.

 

Source: http://www.cmio.net/index.php?option=com_articles&view=article&id=23782&division=cmio

 

 

All the best,

 

 

Jovi Bepinosa Umawing | Technical Communications Associate

8th Flr. Tower 2, Rockwell Business Center, Ortigas Ave., Pasig City

Office: 63.02.995.6200 X 5977 | Mobile: 63.916.593.7203

Philippians 4:13 - I can do all things through Christ who strengthens me (KJV)

 

 
