Hackers going for the easy game: report
Data breach incidents are at an all-time high, yet the number of records lost in each incident has plummeted by hundreds of millions, according to a report.
(Door image by Anna Cervova, public domain)
Verizon's 2011 Data Breach Investigations Report examined some 800 new data breaches incidents in 2010, which is about double that handled by Verizon from 2004 to 2009, according to figures supplied by the United States Secret Service and Verizon's caseload of data breaches.
"It seems like what we saw in 2010 is already [nothing] as opposed to what we' will see in 2011," Verizon Business investigative response chief Mark Goudie said.
Yet the report also claimed that the total number of stolen records fell from 361 million in 2008 to 144 million in 2009, and from there to a meagre four million last year, based on United States data.
Goudie said that the drop in the number of records stolen may be a product of high-profile sentences. Last year, TJX and Heartland hacker Albert Gonzalez was sentenced to 20 years in a federal prison, while CarderPlanet founder Vladislav Horohori was arrested, and faces extradition and a 10-year jail term.
"The analogy is why would you hunt big game when there is evidence that this stuff hurts?" Goudie said. "It's better to hunt rabbits."
Goudie said that the attacks are hitting lower value targets in what he said was a "dumbing down" of attacks.
"It flies in the wind of the highly-sophisticated attacks like Aurora and Stuxnet ... the flashy ones are in the minority, so the key issue for businesses is to worry less about zero-day attacks and more about the simple stuff," he said.
The prices of credit cards are up, too, meaning that criminals do not have to harvest as many data sets to make money, according to the document.
The report, the latest in a series spanning seven years, 1700 breaches and 900 million compromised records, did not break down local statistics. However, Goudie told ZDNet Australia that the number of Australian data breach incidents in 2011 has already risen higher than what he saw over the same period in 2010.
In other findings, external threats were found to have overtaken leaky employees as the main source of data breaches, a reversal of a trend set in preceding reports.
The report also found that 89 per cent of organisations that suffered a breach were not compliant with the credit card compliance standard (PCI-DSS), but Goudie said that it's a sign that the standard can help prevent data loss.