Monday, June 8, 2009

What You Don't Know About the World's Worst Breaches - Dr. Peter Tippett on the 2009 Data Breach Investigations Report

June 2, 2009 - Tom Field, Editorial Director

Verizon Business investigated 90 major data breaches in 2008, including 285 million compromised records. Nearly ¾ of those breaches were external hacks, and 99.9 percent of the records were compromised via servers and applications.

These are among the findings of Verizon's new 2009 Data Breach Investigations Report. In an exclusive interview, Dr. Peter Tippett, VP of Technology and Innovation at Verizon Business, discusses:

  • The survey results;
  • What these results mean to financial institutions and government entities;
  • Which threats to watch out for most in the coming months.

Tippett is the chief scientist of the security product testing and certification organization, ICSA Labs, an independent division of Verizon Business. An information security pioneer, Tippett has led the computer security industry for more than 20 years, initially as a vendor of security products, and over the past 16 years, as a key strategist. He is widely credited with creating the first commercial anti-virus product that later became Norton AntiVirus.

....FIELD: Give us some highlights about this report that you have done.

TIPPETT: Well, the report is different from most things we read in security because this is the actual data from our investigations of over 600 cases of computer crime that were the worst in the world; 90% of whatever made it to the major media were cases that we investigated; a third of all cases that have ever been published were cases that we investigated.

The quick, short story for the bank and financial industries this year is they have had an increase in organized crime and they were entirely focused at the financial sector, very focused. We saw an increase in sophisticated tool use. But the good news is that in all of those cases, they got in through some easy way. They got in somewhere on a non-sensitive, non-critical device where the password was "password", or where it wasn't patched two years ago, or where it was a little SQL injection attack....

...FIELD: Now one of the interesting things I have heard secondhand about this report is that you talk about where a lot of these attacks are coming from and we've got people putting a lot of energy, particularly in financial services, on the insider threat. I am told that what you find sort of dispels some of that myth.

TIPPETT: Yeah. We all learned that 80% of all giant attacks are insider. But it turns out that 75% of our data is outsider and 30% or 40% are partner-type outsiders. Only 20% have anything to do with insiders and half of those were duped by the outsider, so only in the vicinity of 10% are true insider attacks, so it is not a very common mechanism. And again, this is of the bigger attacks... (Full interview at bankinfosecurity.com)
