BreachExchange mailing list archives

Breaches Down, Insider Attacks Up, Verizon Business/Secret Service Study Says


From: security curmudgeon <jericho () attrition org>
Date: Thu, 29 Jul 2010 00:42:01 -0500 (CDT)


[Courtesy of Brian Hoadley]

---------- Forwarded message ----------

http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=226300112

Breaches Down, Insider Attacks Up, Verizon Business/Secret Service Study Says
PCI compliance, saturation of black market may have driven decline, investigators say

Jul 28, 2010 | 08:06 AM
By Tim Wilson
DarkReading

The number of records compromised in major data breaches dropped sharply 
last year, according to a new study being issued today. But the causes of 
those breaches changed dramatically, shifting strongly toward insider 
attacks.

Those are just two of the conclusions revealed in the 2010 Verizon Data 
Breach Investigations Report 
<http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf> 
(PDF), a study that has been conducted annually by the forensics unit of 
Verizon Business, and this year combines Verizon's data with breach data 
compiled by the U.S. Secret Service.

One of the most striking figures in the new study is that even after 
combining its own numbers with those of the Secret Service, Verizon 
recognized a drop in the number of records breached last year. After 
seeing more than 285 million records compromised in 2008 -- 361 million 
records when combined with the Secret Service data -- the combined 
entities saw breaches of only 143 million records in 2009.

"There's some speculation that PCI compliance may be a factor in the 
drop," says Bryan Sartin, director of investigative response at Verizon 
Business, "but there are a lot of factors to weigh here. Realistically, we 
won't be able to say for sure what caused the drop-off until we've got a 
couple of years of data to look at."

The investigators did notice a marked drop-off in breaches following the 
indictment of Albert Gonzalez -- the cybercriminal credited with leading 
the hacks of TJX, Heartland Payment Systems, and others -- in 2009, Sartin 
says. "For 30 to 45 days, the rate of new crimes slowed down," he reports. 
"The number of incidents in Japan, which has historically been very quiet, 
rose to almost the same level as the U.S. There was a lot of shifting 
during that time period."

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
