logo

  •   Submit to to del.icio.us   Submit to to digg   submit to to reddit   submit to to StumbleUpon   submit to to Google   Submit to to Yahoo!

Category: news | Posted by Avatar Staff 209 days ago
Via: http://lists.jammed.com | Tags: isn reports examine causes victims data breaches comments Discuss  


http://news.cnet.com/8301-10789_3-9965670-57.html



By Robert Vamosi

Defense in Depth

June 11, 2008



On Wednesday, Verizon Business released a four-year study [1] concluding

that 9 out of 10 corporate data breaches could have been prevented, had

appropriate security measures been taken. The Verizon report includes

the results of more than 5,000 forensic investigations, including three

of the largest data breaches ever reported.



Meanwhile, the Identity Theft Resource Center released its 2007 report

on identity theft [2], offering comparisons to data it's collected over

the last five years.



Verizon found that 73 percent of the data breaches were the result of

outside sources, with only 18 percent from insider threats. Of the

outside sources, 39 percent were attributed to business partners. Third

parties, not victimized organizations, discovered 75 percent of the

breaches.



Attack methods vary around the world, Verizon found. Attacks from Asia,

China and Vietnam in particular, often involve application exploits.

Attacks from the Middle East involve site defacements. And attacks from

Eastern Europe and Russia involve point-of-sale compromises.



The ITRC report looks at the other side: the impact of identity fraud on

its victims. In 2007, 57 percent of stolen information was used to open

a new line of credit, while 13 percent was used to order cable and or

other utility services.



Eighty-two percent of the victims learned of the theft through creditors

or collection agencies, up from 76 percent a year ago. Only 10 percent

found out through proactive measures, with 8 percent identifying

something on their credit reports.



More disturbing, 62 percent of the respondents to the ITRC survey

reported that thieves had committed crimes, such that warrants were

issued in the victim's name.



[1] http://www.verizonbusiness.com/about/news/displaynews.xml?newsid=25135&mode=vzlong&lang=en&width=530

[2] http://www.idtheftcenter.org/artman2/publish/headlines/pridtheftaftermath2007.shtml





_______________________________________________

Attend Black Hat USA, August 2-7 in Las Vegas,

the world's premier technical event for ICT security experts.

Featuring 40 hands-on training courses and 80 Briefings

presentations with lots of new content and new tools.

Network with 4,000 delegates from 50 nations.

Visit product displays by 30 top sponsors in

a relaxed setting. http://www.blackhat.com





addto Add this link to... report Bury 


Comments Who Voted Related Links
Copyright 2005-2008 Best of Security