Sunday, August 8, 2010

2010 Verizon DBIR

The 2010 Verizon Data Breach Investigations Report (DBIR) has been published. Here are some of the highlights of the report:


  • 98% of breaches came from servers and application assets, and the top asset type in this category was databases.
  • 48% of breaches involved privilege misuse.
  • 48% were caused by insiders, a 26% increase from last year. 90% of these were the result of deliberate and malicious activity.
  • 98% of breaches were avoidable through simple or intermediate controls, a 9% increase from last year.
  • 94% of all compromised records in 2009 were attributed to Financial Services.
  • Payment card data accounted for 78% of total records breached, followed by personal information and bank account data.
  • The web continues to be a common path of malware infection. Malware is often planted through SQL injection, or installed after the attacker already has root access to a system.
  • In terms of enabling access, backdoors were again at the top of the list in 2009 (tied with keyloggers).
  • 97% of the 140+ million compromised records were taken using customized malware.
  • The use of stolen credentials was the number one hacking type.
  • Breaches involving end-user devices nearly doubled from last year; much of this growth can be attributed to credential-capturing malware.
  • 86% of breach victims had evidence of the breach sitting in the log files of their databases.


Apart from the recommendations Verizon provides in the report, here are some more:


  • Identify where your data is.
  • Classify the data and identify its criticality.
  • Make the business people aware of the risk and have them classify the data they handle.
  • Identify compliance requirements such as PCI and implement the required controls.
  • Apply additional controls, such as DRM tools, to secure financial data.
  • Implement tools to control and monitor privileged user activity.
  • Hold users accountable for misuse of their credentials.
  • Segment the network and implement proper filtering rules on the firewalls (both inbound and outbound).
  • Implement tools to monitor database activity.
  • Implement more effective controls, such as application whitelisting, to contain malware on desktops and servers.
  • Perform proper log analysis and real-time threat detection based on logs and network traffic patterns, using tools such as network anomaly detection.
  • Practice incident response.
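Several of the recommendations above (monitor privileged users, monitor database activity, analyze logs for threats) and the DBIR finding that most victims already had evidence of the breach in their logs come down to the same thing: someone has to actually read the audit trail with a few concrete questions in mind. The script below is an added example written for this post, not from the DBIR or any vendor product. It assumes a simplified, constructed tab-separated database audit log (timestamp, user, source host, action, object, rows affected), an assumed policy (which accounts are privileged, which hosts are admin hosts, which table holds card data) and assumed thresholds; the sample events are invented and show an admin account being guessed from an application host after hours and then dumping the card table.

```python
"""Rule-based review of a database audit trail.

Added example for this post; it is not from the DBIR or any vendor tool.
The log format, field names, thresholds and the sample events are all
assumptions: a constructed, tab-separated audit trail with one event per line,
    timestamp  user  source_host  action  object  rows_affected
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample events (not real data): an admin account is guessed
# from an application host, logs in after hours and dumps the card table.
SAMPLE_LOG = """\
2010-08-02T09:15:02\tappuser\t10.1.20.5\tSELECT\tcards\t12
2010-08-02T09:16:40\tappuser\t10.1.20.5\tSELECT\tcards\t8
2010-08-02T22:41:13\tdba_admin\t10.1.20.5\tLOGIN_FAIL\t-\t0
2010-08-02T22:41:27\tdba_admin\t10.1.20.5\tLOGIN_FAIL\t-\t0
2010-08-02T22:41:55\tdba_admin\t10.1.20.5\tLOGIN_OK\t-\t0
2010-08-02T22:43:10\tdba_admin\t10.1.20.5\tSELECT\tcards\t250000
2010-08-03T10:05:00\tdba_admin\t10.1.5.9\tALTER\tcards\t0
"""

# Assumed policy: privileged accounts may connect only from the admin host(s),
# the table holding payment card data is flagged as sensitive, and normal
# application traffic reads a handful of rows during business hours.
PRIVILEGED_USERS = {"dba_admin"}
ADMIN_HOSTS = {"10.1.5.9"}
SENSITIVE_TABLES = {"cards"}
BULK_ROW_THRESHOLD = 10_000
BUSINESS_HOURS = range(7, 20)          # 07:00 to 19:59 local time
FAILED_LOGINS_BEFORE_ALERT = 2


def parse_line(line):
    """Split one audit line into a dict; raises ValueError on malformed input."""
    ts, user, host, action, obj, rows = line.rstrip("\n").split("\t")
    return {"ts": datetime.fromisoformat(ts), "user": user, "host": host,
            "action": action, "object": obj, "rows": int(rows)}


def analyze(log_text):
    """Return a list of (rule, user, timestamp) findings, in log order."""
    findings = []
    failed_logins = defaultdict(int)   # consecutive failed logins per user
    reported_hosts = set()             # (user, host) pairs already flagged

    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        user, host, ts = ev["user"], ev["host"], ev["ts"]

        # Rule 1: privileged account used from a host that is not an admin host.
        # Reported once per (user, host) pair so a session does not flood the list.
        if user in PRIVILEGED_USERS and host not in ADMIN_HOSTS \
                and (user, host) not in reported_hosts:
            reported_hosts.add((user, host))
            findings.append(("privileged_user_unexpected_host", user, ts))

        # Rule 2: successful login preceded by repeated failures (password
        # guessing, or a stolen credential being tried until it works).
        if ev["action"] == "LOGIN_FAIL":
            failed_logins[user] += 1
        elif ev["action"] == "LOGIN_OK":
            if failed_logins[user] >= FAILED_LOGINS_BEFORE_ALERT:
                findings.append(("login_after_failures", user, ts))
            failed_logins[user] = 0

        # Rules 3 and 4 apply only to statements touching sensitive tables:
        # bulk row access, and any access outside business hours.
        if ev["object"] in SENSITIVE_TABLES:
            if ev["rows"] >= BULK_ROW_THRESHOLD:
                findings.append(("bulk_sensitive_rows", user, ts))
            if ts.hour not in BUSINESS_HOURS:
                findings.append(("off_hours_sensitive_access", user, ts))

    return findings


if __name__ == "__main__":
    for rule, user, ts in analyze(SAMPLE_LOG):
        print(f"{ts.isoformat()}  {user:10}  {rule}")
```

Run against the sample, it reports four findings, all for dba_admin: the privileged account connecting from the application host, the login that follows two failures, and the bulk after-hours read of the card table; the two small application reads and the later ALTER from the admin host are silent. The thresholds and the business-hours window are deliberately crude; in practice they would come from a baseline of normal activity, and the failed-login counter would also expire after a time window rather than only on success.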


The full report can be downloaded from here.


1 comment:

Steven said...

Your recommendations are on the money. One of the most important aspects organizations don't do is "identify where the data is". If you don't do that, the rest of the controls are useless.