Online attacks are on the wane, but that's because cybercrooks are opting for smarter, more targeted approaches to getting at corporate data.
Verizon and the U.S. Secret Service released their annual study on data security, observing that while there were a lot of data breaches over the past year, hackers got away with less data. The number of compromised records involved in data breaches investigated by the pair dropped from 144 million in 2009 to “only” 4 million in 2010, representing the lowest volume of data loss since the report's launch in 2008. Yet this year's report covers approximately 760 data breaches, the largest caseload to date.
It appears that cybercrooks are better targeting their efforts. According to the Verizon report, the seeming contradiction between the low data loss and the high number of breaches likely stems from a significant decline in large-scale breaches, caused by a change in tactics by cybercriminals.
“They are engaging in small, opportunistic attacks rather than large-scale, difficult attacks and are using relatively unsophisticated methods to successfully penetrate organizations,” the report says. “For example, only 3% of breaches were considered unavoidable without extremely difficult or expensive corrective action.”
This conclusion matches the findings of IBM's latest “X-Force 2010 Trend and Risk Report,” which suggests that spam and phishing attacks are leveling off. Also, mobile devices have not yet been compromised in any big way. The bad news is that IT security threats are getting increasingly sophisticated and targeted.
Based on research into public vulnerability disclosures and on the monitoring and analysis of more than 150,000 security events per second during every day of 2010, the IBM X-Force Research team found that more than 8,000 new IT security vulnerabilities were documented, a 27% rise from 2009. Public exploit releases were also up 21% from 2009 to 2010. This data points to an expanding threat landscape in which sophisticated attacks are being launched against increasingly complex computing environments.
There were significantly fewer mass phishing attacks relative to previous years, but more targeted attack techniques were on the rise. “Spear phishing” grew in importance in 2010, as meticulously crafted e-mails with malicious attachments or links became one of the hallmarks of sophisticated attacks launched against enterprise networks. 2010 saw some of the most high-profile targeted attacks that the industry has ever witnessed.
Verizon and the U.S. Secret Service make the following recommendations for enterprises to keep data secure:
Joe McKendrick is an author, consultant, blogger and frequent INN contributor specializing in information technology.
Readers are encouraged to respond to Joe using the “Add Your Comments” box below. He can also be reached at email@example.com.
This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.
The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.