From: security curmudgeon (jericho
attrition.org)
Date: Wed Apr 15 2009 - 11:58:17 CDT
Direct link:
http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf
--
http://securityblog.verizonbusiness.com/2009/04/15/2009-dbir/
Wade Baker
April 15th, 2009
Creating the single-year sequel to a four-year report on over 500 breach
investigations is a daunting prospect. While it would be impossible to
trump the sheer scope of the original 2008 DBIR, we've sought to preserve
its strengths and introduce some key enhancements for 2009. Here is some
of what you can expect in this release:
First, you'll notice the report is quite a bit larger than last year.
Hopefully it's worth the extra disk space (which isn't saying much given
current prices) and/or toner (which *is* saying a lot given current
prices). Rather than platitudes and pitches, we've worked to fill those
extra pages with real substance. Everyone loves data.
More data was possible, in part, due to an important methodological change
in 2008. Whereas the original DBIR reached back across four years in one
massive data collection effort, this data set was assembled periodically
throughout the year. This shift from historic to ongoing collection allows
for more detail on existing data points and opens the door to new areas of
study.
We've also listened to your feedback and requests since the last report was
released. We couldn't possibly address everything but we've tried to be
responsive and accommodating. Your feedback was very much appreciated last
year and we covet your input again on this report. Over the next few days,
we will roll out posts for each major section in the report. If a section
intrigues you, you'll find pointers in the document to the accompanying
post. It's your opportunity to tell us what you think and what you'd like to
see next year.
Finally, 2008 was a crazy year in the world of data breaches. One might
argue it was a crazy year in general, but that's a different discussion. In
terms of cybercrime, the bad guys were really busy and, unfortunately,
really successful. We saw much of the same in 2008 but new twists and
trends undoubtedly emerged. The percentage of breaches in our caseload
involving financial service organizations, targeted attacks, and
customized malware all doubled in 2008. It's sure to win me the Captain
Obvious Award from the Securitymetrics list, but organized crime activity
increased and was responsible for over 90% of the 285 million records
compromised. The scales continue to tilt more and more toward servers and
applications as the point of compromise. I don't want to spoil the fun so
I'll close this out and let you get to the report.
As with last year, our goal is that the data and analysis presented in the
report prove helpful to the planning and security efforts of organizations
around the world. Beyond that, we also hope you simply find it an
enjoyable read. Cheers.
_______________________________________________
Dataloss Mailing List (dataloss
datalossdb.org)