madison
Home / News & Blogs

Most data breaches tied to the mob, report

Elinor Mills CNET News | July 28, 2010 5:28 AM PDT

Summary

Organized criminals were responsible for 85 percent of all stolen data last year according to a report.

Topics

Verizon Communications Inc., Data Breach, Real Estate, Hacking, Security, Business Operations

Organized criminals were responsible for 85 percent of all stolen data last year and of the unauthorized access incidents, 38 percent of the data breaches took advantage of stolen login credentials, according to the 2010 Verizon Data Breach Investigations report released on Wednesday.

While external agents were behind 70 percent of the breaches, nearly 50 percent were caused by insiders and only 11 percent were attributed to business partners, concluded the report, which focused on data breaches that took place in 2009.

The study combined data from investigations and statistics worldwide compiled by Verizon and the US Secret Service in which 141 cases were analyzed involving more than 143 million compromised data records, compared with the more than 360 million records compromised in 2008.

"Attackers really do seem to be not so much concerned with finding software vulnerabilities as much as finding types of misconfigurations that let them in the door," Wade Baker, director of risk intelligence for Verizon Business, told CNET News on Tuesday.

For more on this story, read Report: Most data breaches tied to organized crime on CNET News.

Talkback Most Recent of 11 Talkback(s)

  • RE: Most data breaches tied to the mob, report
    Come on... One more time... InZerosystems dot com... TOTAL security! NO MORE violations!!
    ZDNet Gravatar
    Paul@...
    28th Jul 2010
  • RE: Most data breaches tied to the mob, report
    "While external agents were behind 70 percent of the breaches, nearly 50 percent (typo? did you mean 30%" were caused by insiders and only 11 percent were attributed to business partners, concluded the report, which focused on data breaches that took place in 2009."

    Um... what am I missing? 70% from outsiders, and the "remaining" 50% were insiders? Of the 50% that were insiders, only 11% (of the totalm thus 22% of the insiders group?) were partners, the rest were typical employees?

    ...OR...

    Of the 70% of attacks from the outside, half were caused, i.e. enabled by, the actions (either malicious or careless) of insiders?
    ZDNet Gravatar
    bobatwork
    28th Jul 2010
  • RE: Most data breaches tied to the mob, report
    @bobatwork I'm guessing that the writer fat-fingered "20%" into "50%".
    ZDNet Gravatar
    Blurgle
    28th Jul 2010
  • RE: Most data breaches tied to the mob, report
    that or, 70% were engineered by external agents, 50% caused by insiders, meaning there is an overlap of external agents either buying or blackmailing the insiders. It is worded the same in the article linked, and the link to the actual report there is broken
    ZDNet Gravatar
    kevinrs1
    28th Jul 2010
  • Somebody broke in and changed the figures...
    lol
    ZDNet Gravatar
    LarsDennert
    28th Jul 2010
  • RE: Most data breaches tied to the mob, report
    I think 100% of articles quoting percentages (or most other statistics) are wrong a small percent of the time.

    I also think that the author should do more research and provide raw figures to the readers and let the reader figure out the percentages.

    My only remaining questions:
    - How is the 'mob report' responsible for stolen data?
    - How do you tie data breaches?
    - What knot do you use?
    - Where's Waldo?
    ZDNet Gravatar
    SoccerDad#2
    28th Jul 2010
  • RE: Most data breaches tied to the mob, report
    I would believe it. With all of those IT security and advanced skilled workers out of work, they can hire for mob, with or without, the knowledge of the worker. The mob can make a front company saying they are doing pen testing for some company even thought they are really breaking into the company for "other" purposes.
    ZDNet Gravatar
    phatkat
    28th Jul 2010
  • Bad reading skills
    I think those who are questioning the percentages need to go back to school and finish maths. The percentages made sense to me on first read. But then I do stats and engineering etc. OK here is the translation. 70 % of all breaches are from external sources. The 50% covers breaches "caused by insiders", meaning that they 'caused' the breach in some way but the overlap to the 70% comes from where both were involved. Get it yet? It could be in any number of ways, passing data or passwords to others in the 70%, etc. Out of the original 100% only 11% were from 'partners' meaning they could grab the data or pass on the passwords to someone in the 70% and thus be also in the 50%. I get it but I guess not everyone will. So the writer could have made a better job of it, sure, but it isn't all that hard, really guys, come on, work it out for yourselves.

    Writers really shouldn't have to spell everything out for everyone and some assumptions about your education level are fair enough. You are educated, aren't you? You are in IT I assume? I know education in the USA is lower than in the rest of the world for some reason, probably politics, but even still it isn't rocket science! I suggest those who are having trouble try some mental exercises and not expect everything to be totally spelt out for you, like a Hollywood movie does. I know, you are going to say I'm some elitist snob or something, I'm not. Just spelling it out for you...
    ZDNet Gravatar
    bsit@...
    28th Jul 2010
  • RE: Most data breaches tied to the mob, report
    I wonder if we'll ever have a civilization.
    ZDNet Gravatar
    trm1945
    28th Jul 2010
  • RE: Most data breaches tied to the mob, report
    To quote Brian Fantana from 'Anchor Man': They've done studies, you know. 60% of the time it works, every time.
    ZDNet Gravatar
    derwil
    29th Jul 2010
  • RE: Most data breaches tied to the mob, report
    As a member of the hacking community I'd like to +1 this article... hackers probe systems and find exploits, and many ethical hackers will alert companies of the exploit. On the other hand, organized criminals are the ones responsible for giving hackers a bad name. Additionally, most of the time they aren't even 'hacking' but as the statistics point out... they have a plant or inside man... think about this the next time you put your credit card info into a form, or say it on the phone... is the person that reads that info a trusted employee or disgruntled employee? Companies need to look on the inside for their security vulnerabilities. Policies and guidelines with employee oversight could eliminate a great deal of all security problems -- this applies to gov't agencies as well!!!
    ZDNet Gravatar
    ]AR[*tREMor
    29th Jul 2010

Talkback - Tell Us What You Think

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity