Insider threats, social engineering, and organized crime on the rise

The study also noted that the overall number of breaches investigated last year declined from the total for the previous year. The report cited stolen credentials as the most common way of gaining unauthorized access into organizations in 2009, pointing once again to the importance of strong security practices both for individuals and organizations. Organized criminal groups were responsible for 85 percent of all stolen data last year, the report said.  

Verizon Business investigative experts found, as they did in the company’s prior data breach reports, that most breaches were considered avoidable if security basics had been followed. Only 4 percent of breaches assessed required difficult and expensive protective measures.
 

The 2010 report concluded that being prepared remains the best defense against security breaches. For the most part, organizations still remain sluggish in detecting and responding to incidents. Most breaches (60 percent) continue to be discovered by external parties and then only after a considerable amount of time. And while most victimized organizations have evidence of a breach in their security logs, they often overlook them due to a lack of staff, tools or processes.
 

The collaboration with the Secret Service, announced in May, enabled this year’s Data Breach Investigations Report to provide an expanded view of data breaches over the last six years. With the addition of Verizon’s 2009 caseload and data contributed by the Secret Service -- which investigates financial crimes -- the report covers 900-plus breaches involving more than 900 million compromised records.
 

“This year we were able to significantly widen our window into the dynamic world of data breaches, granting us an even broader and deeper perspective,” said Peter Tippett, Verizon Business vice president of technology and enterprise innovation.  “By including information from the Secret Service caseload, we are expanding both our understanding of cybercrime and our ability to stop breaches.”  

Michael Merritt, Secret Service assistant director for investigations, said: “The Secret Service believes that building trusted partnerships between all levels of law enforcement, the private sector and academia has been a proven and successful model for facing the challenges of securing cyberspace. It is through our collaborative approach with established partnerships that the Secret Service is able to help expand the collective understanding of breaches and continue to augment our advanced detection and prevention efforts.”