Verizon Business RISK data crime–investigation team's 2010 Data Breach Investigations Report

mheyman at gmail.com
Thu Aug 19 10:56:38 EDT 2010


I haven't read the report
<http://www.verizonbusiness.com/resources/reports/rp_2010-DBIR-combined-reports_en_xg.pdf>,
except for the executive summary at the end of the pdf and another
summary here <http://windowssecrets.com/2010/08/19/02-New-analysis-of-stolen-data-brings-surprises/#story1>.
Note that 4 out of 5 victims subject to PCI-DSS had not achieved
compliance.

From the executive summary:

WHO IS BEHIND DATA BREACHES?
70% resulted from external agents (-9%)
48% were caused by insiders (+26%)
11% implicated business partners (-23%)
27% involved multiple parties (-12%)

HOW DO BREACHES OCCUR?
48% involved privilege misuse (+26%)
40% resulted from hacking (-24%)
38% utilized malware (<>)
28% employed social tactics (+16%)
15% comprised physical attacks (+6%)

WHAT COMMONALITIES EXIST?
98% of all data breached came from servers (-1%)
85% of attacks were not considered highly difficult (+2%)
61% were discovered by a third party (-8%)
86% of victims had evidence of the breach in their log files
96% of breaches were avoidable through simple or intermediate controls (+9%)
79% of victims subject to PCI-DSS had not achieved compliance
 ----
Michael Heyman

---------------------------------------------------------------------
The Cryptography Mailing List