2011 Data Breach Investigations Report by Verizon Business

361 million >> 144 million >> 4 million. Thus goes the tally of total records compromised across the combined caseload of Verizon and the United States Secret Service (USSS) over the last three years. After four years of increasing losses culminating in 2008’s record-setting 361 million, we speculated whether 2009’s drop to 144 million was a fluke or a sign of things to come. 2010’s total of less than four million compromised records seems to suggest it was a sign. But of what? And is it a permanent change in direction or a temporary detour?
To help us answer that, we are very glad to have the United States Secret Service (USSS) back with us for the 2011 DBIR. Additionally, we have the pleasure of welcoming the Dutch National High Tech Crime Unit (NHTCU) to the team. Through this cooperative effort, we had the privilege—and challenge—of examining about 800 new data compromise incidents since our last report (with 761 of those for 2010). To put that in perspective, the entire Verizon-USSS dataset from 2004 to 2009 numbered just over 900 breaches. We very nearly doubled the size of our dataset in 2010 alone!

It is fascinating from a research standpoint that the all-time lowest amount of data loss occurred in the same year as the all- time highest amount of incidents investigated. In addition to being the largest caseload ever, it was also extremely diverse in the threat agents, threat actions, affected assets, and security attributes involved. We witnessed highly automated and prolific external attacks, low and slow attacks, intricate internal fraud rings, country-wide device tampering schemes, cunning social engineering plots, and much more. Some of the raw statistics may seem to contradict this claim of diversity (e.g., the percent of breaches attributed to external agents is more lopsided than ever), but one must consider the change in scale. Whereas “10%” used to mean approximately 10-15 breaches across an annual caseload averaging 100-150, it now means 75 breaches in the context of the 2010 caseload. Consider that fact as you digest and ponder results from this year’s report.
With the addition of Verizon’s 2010 caseload and data contributed from the USSS and NHTCU, the DBIR series now spans 7 years, 1700+ breaches, and over 900 million compromised records.

We continue to learn a great deal from this ongoing study and we’re glad to have the opportunity once again to share these findings with you. As always, our goal is that the data and analysis presented in this report prove helpful to the planning and security efforts of our readers. As usual, we begin with a few highlights below.

 

Read the whole report

NJ Ouchn

"Passion is needed for any great work, and for the revolution, passion and audacity are required in big doses"
Efficiency of the Vulnerability Response With vFeed Intelligence

Efficiency of the Vulnerability Response With vFeed Intelligence

CVE In The Hook – Monthly Vulnerability Review (March 2020 Issue)

CVE In The Hook – Monthly Vulnerability Review (March 2020 Issue)

Fox Kitten -Iranian Espionage – leveraged 4 CVEs Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs

Fox Kitten -Iranian Espionage – leveraged 4 CVEs Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs

Top 5 Critical CVEs Vulnerability from 2019 That Every CISO Must Patch Before He Gets Fired !

Top 5 Critical CVEs Vulnerability from 2019 That Every CISO Must Patch Before He Gets Fired !

2016 Top Security Tools as Voted by ToolsWatch.org Readers

2016 Top Security Tools as Voted by ToolsWatch.org Readers

ICS/SCADA Top 10 Most Dangerous Software Weaknesses

ICS/SCADA Top 10 Most Dangerous Software Weaknesses