Verizon: Organized crime behind data breaches

Of the 285 million records compromised in the 90 confirmed network breaches Networx vendor Verizon examined last year, 91 percent were linked to organized crime. And only a third were publicly disclosed.

With increasing supply and falling prices, criminals have had to overhaul their processes and differentiate their products to maintain profitability, the report states. Their method: Target points of data concentration or aggregation to get the most valuable information.

“The big money is now in stealing personal identification number information, together with associated credit and debit accounts,” the report states.

In the 2009 Data Breach Investigations Report" released April 15, the Verizon Business Risk Team based its results on evidence the company collected during data breach investigations from 2004 to 2008, with 2008 events forming the primary analytical focus.

Although financial organizations were the biggest targets, 13 percent of the team’s caseload were companies that had recently been merged or acquired. “Mergers and acquisitions bring together not only the people and products of once separate organizations, but their technology environments as well,” the report states. “Integration rarely happens overnight or without a hitch. Technology standards are sometimes set aside for the sake of business expediency.”

The report also quashed the widely held belief that insiders perform most hacks: 74 percent of the breaches were from external sources, such as organized crime and government entities.

However, hackers were greatly aided in their activities by the victims, with 67 percent of breaches resulting from someone taking advantage of a vulnerability to hack into a network and install malware to collect data.

More than 80 percent of attacks occurred in Eastern Europe, East Asia and North America, the report states. “Though it’s tempting to pander to hype surrounding state-sponsored attacks from Asia, we find no evidence to support the position that governments are a significant source of cyber crime,” Risk Team members wrote. However, evidence is strong that malicious activity in Eastern Europe is the work of organized crime, they added.

The Verizon team “regularly interacts with governmental agencies and law enforcement personnel from around the world to transition case evidence and set the stage for prosecution,” the report states.

5 tips to protect your data

  • Ensure the essential controls are met.
  • Find, track and assess data.
  • Collect and monitor event logs.
  • Audit user accounts and credentials.
  • Test and review Web applications.

Source: 2009 Data Breach Investigations Report

About the Author

Sami Lais is a special contributor to Washington Technology.

Reader Comments

Mon, Apr 20, 2009 John Franks Alexandria, VA

Most companies enjoy “security” insofar as they haven’t been targeted yet, or suffered human error resulting in a catastrophic exposure. Systems of security are important, but no system can overcome laxity, ignorance or deliberate intent to harm. Necessary is an efficient prism through which every activity is viewed from a security perspective. PriceWaterhouseCooper and Carnegie-Mellon’s CyLab surveys show the senior executive class to be lacking regarding IT risk and its tie to overall enterprise (business) risk. Data problems are due to a lagging business culture – absent a new eCulture, breaches continue to increase. I must constantly look for timely ways to help my business and IT teams further their education. Check your library: Required reading is "I.T. WARS: Managing the Business-Technology Weave in the New Millennium." The book came to us from an intern, who used it in an MBA course at University of Wisconsin. Read the book before you suffer a breach, or propagate one.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.


contracts DB