2010 Data Breach Investigations Report...
- http://www.informati...cleID=226300091
July 28, 2010 - "... the number of electronic records compromised through data breaches (over 143 million records) in 2009 was about -half- what it was in 2008 (285 million). Verizon's report* attributes some of the decline to law enforcement success, such as the 2008 arrest of Alberto Gonzales, who participated in some of the largest breaches known, including incidents affecting TJX Corporation and Heartland Payment Systems. But the report also says that the decline is a function of market saturation. There was so much stolen data floating around in 2008 that supply outstripped demand... One of the more startling findings is that none of the 141 breaches from 2009 investigated by either Verizon (57) or the U.S. Secret Service (84) involved a patchable vulnerability... Instead, the breaches tended to be attributable to easily fixed problems that should have been spotted. Specifically, 85% of attacks were not considered to be highly difficult, 86% of victims had evidence of the breach in their log files, and 96% of breaches were avoidable through simple or intermediate controls... It turns out that misuse of privileges represents a more common threat vector than hacking or malware, albeit one that doesn't tend to lead to the loss of a large number of records. What this suggests is that a lot of security money is misspent. Sartin said it is common for companies that get victimized to buy new technology when they really should be working with their employees to use the technology they already have but aren't fully utilizing. Some other key findings: Most breaches (60%) are discovered by outsiders after a long period of time; organized criminal groups were behind 85% of the data stolen in 2009; and insiders went from being an exaggerated threat to a meaningful one, but mainly in cases of collusion with external attackers..."
* http://securityblog....-dbir-released/
- http://preview.tinyurl.com/37d8rea
"... Key findings of the 2010 report:
• Most data breaches (69%) caused by external sources
• Many breaches (48%) involved privilege misuse
• Nearly all data is breached from servers and online applications
• Most breaches (85%) were not difficult to carry out
• Most victims (87%) missed evidence of security breaches in their log files
• Recommendations for enterprises:
  - Restrict and monitor privileged users
  - Watch for minor policy violations
  - Implement measures to stop the use of stolen credentials
  - Focus on the size and volume of log files
  - Share incident information with other organisations"
- http://krebsonsecuri...bvious-in-2009/
July 28, 2010
Edited by AplusWebMaster, 28 July 2010 - 02:04 PM.