Cyber criminals engaging in small, opportunistic attacks
Data loss through cyber attacks decreased in 2010, but the total number of breaches was higher than ever, according to a new report by Verizon.
The report "Verizon 2011 Data Breach Investigations Report" highlighted that businesses and consumers must remain vigilant in implementing and maintaining security practices.
The number of compromised records involved in data breaches investigated by Verizon and the US Secret Service dropped from 144 million in 2009 to 4 million in 2010, representing the lowest volume of data loss since the report’s launch in 2008. However, the report revealed the occurrence of approximately 760 data breaches, the largest caseload to date.
According to the report, the seeming contradiction between the low data loss and the high number of breaches likely stems from a significant decline in large-scale breaches, caused by a change in tactics by cybercriminals.
The report revealed that cybercriminals are engaging in small, opportunistic attacks rather than large-scale, difficult attacks and are using relatively unsophisticated methods to successfully penetrate organisations.
In addition, outsiders are responsible for 92% of breaches, a significant increase from the 2010 findings.
However, the percentage of insider attacks decreased significantly over the previous year (16% versus 49%), due to the increase in smaller external attacks. As a result, the total number of insider attacks actually remained relatively constant.
Hacking (50%) and malware (49%) were the most prominent types of attack, with many of those attacks involving weak or stolen credentials and passwords.
In addition, physical attacks such as compromising ATMs appeared as one of the three most common ways to steal information, and constituted 29% of all cases investigated.
Verizon security and industry solutions vice-president Peter Tippett said that this year they witnessed highly automated and prolific external attacks, low and slow attacks, intricate internal fraud rings, countrywide device-tampering schemes, cunning social engineering plots and more.
"And yet, at the end of day, we found once again that the vast majority of breaches can be avoided without extremely difficult, expensive security measures," Tippett said.