Verizon: Organized crime behind data breaches

Of the 285 million records compromised in the 90 confirmed network breaches Networx vendor Verizon examined last year, 91 percent were linked to organized crime. And only a third were publicly disclosed.

With increasing supply and falling prices, criminals have had to overhaul their processes and differentiate their products to maintain profitability, the report states. Their method: Target points of data concentration or aggregation to get the most valuable information.

“The big money is now in stealing personal identification number information, together with associated credit and debit accounts,” the report states.

In the 2009 Data Breach Investigations Report" released April 15, the Verizon Business Risk Team based its results on evidence the company collected during data breach investigations from 2004 to 2008, with 2008 events forming the primary analytical focus.

Although financial organizations were the biggest targets, 13 percent of the team’s caseload were companies that had recently been merged or acquired. “Mergers and acquisitions bring together not only the people and products of once separate organizations, but their technology environments as well,” the report states. “Integration rarely happens overnight or without a hitch. Technology standards are sometimes set aside for the sake of business expediency.”

The report also quashed the widely held belief that insiders perform most hacks: 74 percent of the breaches were from external sources, such as organized crime and government entities.

However, hackers were greatly aided in their activities by the victims, with 67 percent of breaches resulting from someone taking advantage of a vulnerability to hack into a network and install malware to collect data.

More than 80 percent of attacks occurred in Eastern Europe, East Asia and North America, the report states. “Though it’s tempting to pander to hype surrounding state-sponsored attacks from Asia, we find no evidence to support the position that governments are a significant source of cyber crime,” Risk Team members wrote. However, evidence is strong that malicious activity in Eastern Europe is the work of organized crime, they added.

The Verizon team “regularly interacts with governmental agencies and law enforcement personnel from around the world to transition case evidence and set the stage for prosecution,” the report states.

5 tips to protect your data

  • Ensure the essential controls are met.
  • Find, track and assess data.
  • Collect and monitor event logs.
  • Audit user accounts and credentials.
  • Test and review Web applications.

Source: 2009 Data Breach Investigations Report

About the Author

Sami Lais is a special contributor to Washington Technology.

Reader Comments

Mon, Apr 20, 2009 John Franks Alexandria, VA

Most companies enjoy “security” insofar as they haven’t been targeted yet, or suffered human error resulting in a catastrophic exposure. Systems of security are important, but no system can overcome laxity, ignorance or deliberate intent to harm. Necessary is an efficient prism through which every activity is viewed from a security perspective. PriceWaterhouseCooper and Carnegie-Mellon’s CyLab surveys show the senior executive class to be lacking regarding IT risk and its tie to overall enterprise (business) risk. Data problems are due to a lagging business culture – absent a new eCulture, breaches continue to increase. I must constantly look for timely ways to help my business and IT teams further their education. Check your library: Required reading is "I.T. WARS: Managing the Business-Technology Weave in the New Millennium." The book came to us from an intern, who used it in an MBA course at University of Wisconsin. Read the book before you suffer a breach, or propagate one.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here
close
SEARCH
contracts DB

Trending

  • Dive into our Contract Award database

    In an exclusive for WT Insider members, we are collecting all of the contract awards we cover into a database that you can sort by contractor, agency, value and other parameters. You can also download it into a spreadsheet. Read More

  • Is SBA MIA on contractor fraud? Nick Wakeman

    Editor Nick Wakeman explores the puzzle of why SBA has been so silent on the latest contractor fraud scandal when it has been so quick to act in other cases. Read More

Webcasts

  • How Do You Support the Project Lifecycle?

    How do best-in-class project-based companies create and actively mature successful organizations? They find the right mix of people, processes and tools that enable them to effectively manage the project lifecycle. REGISTER for this webinar to hear how properly managing the cycle of capture, bid, accounting, execution, IPM and analysis will allow you to better manage your programs to stay on scope, schedule and budget. Learn More!

  • Sequestration, LPTA and the Top 100

    Join Washington Technology’s Editor-in-Chief Nick Wakeman as he analyzes the annual Top 100 list and reveals critical insights into how market trends have impacted its composition. You'll learn what movements of individual companies means and how the market overall is being impacted by the current budget environment, how the Top 100 rankings reflect the major trends in the market today and how the biggest companies in the market are adapting to today’s competitive environment. Learn More!