Highlights from 2011 Verizon Data Breach Investigations Report

I have some of the key findings posted below from Verizons 2011 Data Breach Report. Nothing to surprising in the report; data breaches are occurring for two major reasons,  hacktivism and criminal intent. 

In 2010, the Secret Service arrested more than 1,200 suspects for cybercrime violations. These investigations involved over $500 million in actual fraud loss.

Because the increase in arrests criminals are opting to “play it safe” and are moving away from large-scale Financial Services firms and moving to hotels, restaurants, and retailers.

Verizon did write the story on data breaches is not changing every year. The story is the same each year. Some unstoppable attacker or some previous unknown method did not overpower the victims instead the victims knew how to stop the attacker with good proven best practices in infrastructure and software development.

Who were behind data breaches in 2011?

• 92% stemmed from external agents (hackers).
• 17% implicated insiders.

What commonalities exist in report data breaches?

• 96% of breaches were avoidable through simple or intermediate controls.
• 92% of attacks were not highly difficult.
• 86% where discovered by a third party.
• 83% of victims were targets of opportunity.

How did the breaches occur?

• 50% utilized some for of hacking.
• 49% incorporated malware 

Conclusions and Recommendations

• Access Control
• Change default credentials
• User account review.
• Restrict and monitor privileged users.          
• Network Management
• Secure remote access services
• Monitor and filter egress network traffic
• Secure Development
• Application testing and code review
• SQL injection
• Cross-site scripting
• Authentication bypass
• Exploitation of session variables

• Log Management and Analysis
• Enable application and network witness logs and monitor them.
• Define “suspicious” and “anomalous” (then look for whatever “it” is)