Data breaches: it's criminals again

Summary:The majority of data breaches and almost all data stolen (98 per cent) is the work of criminals outside the victim organisation. That's according to the 2010 Data Breach Investigations Report published by Verizon Business last week.

The majority of data breaches and almost all data stolen (98 per cent) is the work of criminals outside the victim organisation. That's according to the 2010 Data Breach Investigations Report (PDF) published by Verizon Business last week.

In this third annual report, the first to include data on financial crimes provided by the US Secret Service, the lessons are all too familiar. Overall, some 85 per cent of the attacks were considered not especially difficult. In the vast majority of cases there was evidence of the breach right there in the victims' system logs. Yet in 61 per cent of cases the victims didn't know about the breach until they were notified by third parties.

On Patch Monday this week, Stilgherrian speaks with one of the report's authors, Mark Goudie, who heads up the forensics practice for Verizon Business Asia-Pacific in Melbourne.

In other security news, Adobe announced that it will adopt Microsoft's model of sharing information about software vulnerabilities with security vendors before making public announcements — the Microsoft Active Protections Program (MAPP).

Jerry Bryant from Microsoft's Trustworthy computing team explains why they want to end the arguments about "full disclosure" of vulnerabilities versus "responsible disclosure", and work under this new model of "coordinated vulnerability disclosure".

Patch Monday also includes Stilgherrian's random look at some of the week's IT news headlines.

To leave an audio comment for Patch Monday, Skype to stilgherrian, or phone Sydney 02 8011 3733.

Running time: 24 minutes, 22 seconds.

Topics: Security, Big Data

About

Stilgherrian is a freelance journalist, commentator and podcaster interested in big-picture internet issues, especially security, cybercrime and hoovering up bulldust. He studied computing science and linguistics before a wide-ranging media career and a stint at running an IT business. He can write iptables firewall rules, set a rabbit tr... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.