A study conducted by the Verizon Business RISK team in cooperation with the United States Secret Service has found that breaches of electronic records in 2009 involved more insider threats, greater use of social engineering and the continued strong involvement of organized criminal groups.
Key Findings of the 2010 Report include:
• Most data breaches investigated were caused by external sources. 69% of breaches resulted from these sources, while only 11% were linked to business partners. 49% were caused by insiders, which is an increase over previous report findings, primarily due in part to an expanded dataset and the types of cases studied by the Secret Service.
• Many breaches involved privilege misuse. 48% of breaches were attributed to users who, for malicious purposes, abused their right to access corporate information. An additional 40% of breaches were the result of hacking, while 28% were due to social tactics and 14% to physical attacks.
• Commonalities continue across breaches. As in previous years, nearly all data was breached from servers and online applications. 85% of the breaches were not considered highly difficult, and 87% of victims had evidence of the breach in their log files, yet missed it.
• Meeting PCI-DSS compliance is still critically important. 79% of victims subject to the PCI-DSS standard hadn’t achieved compliance prior to the breach.
The report also says the decline in the overall number of data breaches may be due to a number of factors, including “law enforcement’s effectiveness in capturing criminals.”
Related Links:
Full PDF copy of the “2010 Data Breach Investigations Report” / Press Release
“Hacked Companies Hit by the Obvious in 2009”, Brian Krebs, Jul. 28, 2010