Motivated criminals hunt government data

Verizon report finds hackers less likely to walk away from agency targets

Slice and dice the data six ways from Sunday, and one fact remains intact: In 2009, 94 percent of all compromised records were attributable to financial services, according to Verizon's 2010 Data Breach Investigations Report.

Of the 100 new investigations the Verizon Risk Team handled in 2009, “probably six or so, about 4 percent,” were for government agencies, said Wade Baker, director of risk intelligence at Verizon Business and lead author of the report. That percentage doesn’t vary much from year to year.


RELATED STORIES

Lack of attention invites cybersecurity breaches

How hackers use the World Cup and Chelsea Clinton to steal your data


The team looked at more than 900 breaches involving more than 900 million compromised records over a six-year period and included data from the U.S. Secret Service, which investigates financial crimes.

In some ways, government looks a lot like the financial and tech services sectors in the data breach report, Baker said. Whether it’s organized crime looking for credit card data or cyber terrorists trying to access government and defense data, “the common denominator is that of having a more motivated criminal,” he said.

“A lot of what we see in retail and hospitality, like restaurants and hotels, is a criminal that wants an easy score," he added. "They try something, and if they don’t get in, they just move on."

But in financial and tech services, being a more motivated criminal means being more dedicated to the attack. “They might try one technique, and if that doesn’t work, they’ll try two or three more until they do get in,” Baker said. Such attacks also might go beyond hacking and malware to involve social engineering, insider abuse and even physical attacks.

“In other ways — and I found this kind of surprising — government resembles retail and the food and beverage industry, especially in the response category,” he said.

Government agencies are “pretty slow in discovering and responding to breaches,” Baker said. “I don’t know why.”

Federal and state government agencies are on the low side of average because, like the retail and hospitality sectors, their IT departments take a long time to discover a breach.

Financial and tech services are on the high side of that average, Baker said.

About the Author

Sami Lais is a special contributor to Washington Technology.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here
close
SEARCH
 Top 100 Slideshow
contracts DB

Trending

  • Dive into our Contract Award database

    In an exclusive for WT Insider members, we are collecting all of the contract awards we cover into a database that you can sort by contractor, agency, value and other parameters. You can also download it into a spreadsheet. Read More

  • Is SBA MIA on contractor fraud? Nick Wakeman

    Editor Nick Wakeman explores the puzzle of why SBA has been so silent on the latest contractor fraud scandal when it has been so quick to act in other cases. Read More

Webcasts