Verizon's 2010 Data Breach Report found that the number of data breaches quintupled from 2009, highlighting the shift as cyber-criminals target smaller businesses.
While the number of data breaches soared in 2010, the amount of information
lost has dropped dramatically, according to Verizon's latest data breach
survey. The contradiction underscores what some security experts have been
saying: attackers are increasingly targeting smaller companies because it's
Released April 19, the latest "2011 Verizon Data Breach Investigations Report" from Verizon Business counted
760 data breaches in 2010, compared to only 141 data breaches in 2009. Verizon
noted a dramatic decline of 97 percent in the number of compromised records in
2010, as compared to 2009.
In fact, in the seven years that Verizon has been working on this report,
the 2010 numbers set records for both the highest number of incidents and
lowest amount of data loss. Other data
reported similar dramatic drops in the number of compromised
records in 2010, as cyber-criminals shifted their focus toward smaller attacks.
"The number of incidents in 2010 was truly dramatic and equal to the total
number of breaches over six previous years," David Ostertag, the global
investigations manager for Verizon, told eWEEK.
Cyber-criminals targeted small businesses with between 11 and 100 employees
and did not worry about the biggest organizations, according to Ostertag. The
attackers are less likely to get caught, as many of those small businesses do not have the
kind of security expertise in place to prevent or detect breaches, Ostertag
"The bad guys are exploiting people who haven't taken basic security
considerations into account in their small business," Ostertag said. The
attacker running an automated attack is looking for people who have "let their
guard down," according to Ostertag.
Hacking and malware were the most prominent types of attack, playing a role
in 50 percent and 49 percent, respectively, of all cases examined in the report. The hacking
incidents generally involved weak or stolen login credentials. However, SQL
injection attacks remained the biggest and most effective attack mechanism.
A significant majority, 92 percent, of the breaches were blamed on an
outside party and not on a corrupt insider.
Even so, "internal agents are as threatening as before," said Ostertag,
noting that the smaller percentage was a direct result of the tremendous
increase in the overall number of attacks.