Fact: In 2009, organized crime was responsible for 85% of all stolen electronic records.

Significance: Sophistication. As criminal planning and organization increases, so do results.

Fact: In 2009, about 96% of all electronic security breaches were considered avoidable.

Significance: Carelessness. As users continue to be inattentive to security basics and sluggish in reporting security failures, breaches in highly sensitive electronic systems will continue and probably increase.

Conclusion: Sophisticated attacks on carelessly handled materials will mean damaging, sometimes irreparable, consequences.

This message is clear. Electronic information must be kept secure amid relentless attack. And because frequently it is not, it is lost or stolen.

A serious in-depth study by Verizon Business experts found that only 4% of breaches last year required expensive protection. This means that most breaches could easily have been prevented.

It also tells us that we cannot leave our private and valuable electronic files behind unlocked doors. Not for a moment.

What to do about it: Be Prepared!

Verizon teamed up with the U.S. Secret Service to launch this study on breaches of electronic records in 2009. The 2010 Verizon Data Breach Investigations Report, the first-ever such report, was released in July. It revealed findings that breaches involved increased insider threats, expanded use of engineering, and continued strong involvement of organized crime groups.

The good news: it revealed that the number of breaches overall in the past year showed a decrease from 2008. On the other hand, stolen credentials were the most common method of unauthorized access into organizations. This underscores the great need for individuals and organizations alike to intensify their security practices to make sure that all user credentials are well protection.

We find this especially urgent because 60% of all breaches in 2009 were discovered not by the parties whose records were infiltrated, but by external sources. And these discoveries were usually made, surprisingly, only after great amounts of time had elapsed since the breachings.

Failure to identify the problem was usually not because the attack was so highly sophisticated that it required very expensive high-tech equipment. And more often than not, the attacker left tracks that could easily have been identified.

Then why weren’t they quickly discovered and dealt with? The report concluded that they were not because of three primary reasons: lack of personnel to watchdog the systems; too few tools; not enough systems to secure data records.

This year the breach investigation report was greatly expanded by Verizon’s collaboration with the Secret Service. A federal agency that investigates financial crimes, it provided Verizon with sizable amounts of investigative data for use in the report. This additional information enabled it to cover more than 900 breaches that involved 900 million compromised records.

“By including information from the Secret Service caseload,” said Peter Tippett, Verizon Business vice president of technology and enterprise innovation, “we are expanding both our understanding of cybercrime and our ability to stop breaches.”

Here are some details of the study’s key findings:

♦  Most data breaches (69%) were from external sources, 11% from business partners, and 49% from insiders. (The total exceeds 100% because violators were sometimes included in two of the categories.)

♦  Malicious misuse by privileged users accounted for 48% of breaches, hackers accounted for 40%, social tactics for 28%, and physical attacks for 14%. (The total again exceeds 100% for the same reason as above.)

♦  Breaches not considered difficult accounted for 85%. Surprisingly, investigators found that 87% of victims had evidence of breaches in their log files, but they had been  missed.

♦  The report found that 79% of victims subject to the PCI DSS (Payment Card Industry Data Security Standard) failed to achieve compliance before their data were breached.

Even so, the number of breaches has reduced year on year, “a positive sign that we are gaining some ground in the fight against cybercrime,” said Tippett. “Being able to share more information through the use of the Verizon Enterprise Risk Incident Sharing (VERIS) security research framework, we believe we will be even better equipped to arm organizations with the best principles, processes, tools, and services.”

Restrict and Monitor Privileged Users. Insider breaches are on the rise, and the best strategy to control them includes preemployment screening, limited user privileges, and separation of duties. All privileged use should be logged.

Be Alert to “Minor” Policy Violations. The study finds a correlation between minor violations and more serious abuse. Organizations should thus be alert to and respond to all policy violations. Illegal content and other inappropriate behavior are indicators of future breaches.

Priority No. 1: Keep Data-Capturing Malware off the System. If appropriate, use two-factor authentication. And also use time-of-use rules, IP (Internet Protocol) blacklisting, and administrative connection restrictions.

Priority No. 2: Monitor and Filter Outbound Traffic. Understanding and controlling outbound traffic will greatly reduce malicious activity.

Priority No. 3: Monitor Data and Log Analyses. A breach almost always leaves some evidence. Maintain enough people, supply adequate tools, and use sufficient processes to thoroughly review batch-processed data and analyses of logs.

Priority No. 4: Share Information. Verizon believes that the availability of information and sharing it are vital in the ongoing battle against cybercrime. An organization’s ability to fully protect itself must depend on up-to-date knowledge and technology from day to day.

Get Full Report: http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf