I have some of the key findings posted below from Verizon's 2011 Data Breach Report. Nothing too surprising in the report; data breaches are occurring for two major reasons: hacktivism and criminal intent.
In 2010, the Secret Service arrested more than 1,200 suspects for cybercrime violations. These investigations involved over $500 million in actual fraud loss.
Because of the increase in arrests, criminals are opting to “play it safe” and are moving away from large-scale Financial Services firms toward hotels, restaurants, and retailers.
Who was behind data breaches in 2011?
- 92% stemmed from external agents (hackers).
- 17% implicated insiders.
What commonalities exist in reported data breaches?
- 96% of breaches were avoidable through simple or intermediate controls.
- 92% of attacks were not highly difficult.
- 86% were discovered by a third party.
- 83% of victims were targets of opportunity.
How did the breaches occur?
- 50% utilized some form of hacking.
- 49% incorporated malware.
Conclusions and Recommendations
- Access Control
  - Change default credentials
  - User account review
  - Restrict and monitor privileged users
- Network Management
  - Secure remote access services
  - Monitor and filter egress network traffic
- Secure Development
  - Application testing and code review
    - SQL injection
    - Cross-site scripting
    - Authentication bypass
    - Exploitation of session variables
- Log Management and Analysis
  - Enable application and network witness logs and monitor them
  - Define “suspicious” and “anomalous” (then look for whatever “it” is)