Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
P. 1
Data Breach Report

Data Breach Report

Ratings: (0)|Views: 63 |Likes:
Published by jolieodell

More info:

Published by: jolieodell on Mar 22, 2012
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

04/25/2014

pdf

text

original

 
2011
Data Breach
Investigations Report
A study conducted by the Verizon RISK Team with cooperation fromthe U.S. Secret Service and the Dutch High Tech Crime Unit.
 
2011 Data Breach Investigations Report
LEAD ANALYSTS/AUTHORS:
Wade BakerAlexander HuttonC. David HylenderJoseph Pamula, Ph.D.Christopher PorterMarc Spitler
AUTHORS:
Andy BonilloBen van Erck Mark GoudieJelle NiemantsverdrietChristopher Novak Raael PerelsteinMike RosenBryan SartinPeter Tippett, M.D., Ph.D.J. Andrew ValentineMen and women o theU.S. Secret ServiceMen and women o theDutch High Tech Crime Unit
CONTRIBUTORS:
Steve Adams Thijs BosschertEric BrohmCalvin ChangRon DormidoKylee EvansJason FisherEric GentryJohn GrimClarence HillKenny LeeWayne LeeKevin LongDavid OstertagMatthew SpeicherEnrico TelemaqueYuichi UzawaNicolas VillattePaul Wright
SPECIAL THANKS TO:
Christopher AbodBrianna BoyleMike BrubakerAnita Fortunato
 And our continued gratitudeto all those we’ve named beore and haven’t yet 
 TABLE OF CONTENTS
Executive Summary 2Year in Review, 201042010: The USSecret Service Perspective62011 DBIR: Methodology 7Verizon Data Collection Methodology7USSS Data Collection Methodology 8NHTCU Data Collection Methodology 8Classiying Incidents Using VERIS9 Turning the Incident Narrative into Metrics10A Word on Sample Bias 11Results and Analysis 11Demographics 122010 Threat Event Overview 15 Threat Agents 17Breach Size by Threat Agents19External Agents20Internal Agents 22Partner Agents 23 Threat Actions24Malware27Hacking 31Social 36Misuse 38Physical 40Error 42Environmental42Assets and Attributes43Compromised Data 47Attack Diculty 51Attack Targeting52Unknown Unknowns 53 Timespan oAttack54Breach Discovery Methods58Anti-Forensics                                                                 60PCI DSS Compliance                                                           62Conclusions and Recommendations 65Appendix A: Case Statistics rom the Dutch High Tech Crime Unit 68Appendix B: Project Taurus and the Bredolab Takedown 71About Verizon Investigative Response71About the United States Secret Service72About the Dutch National High Tech Crime Unit                                   72
For additional updates and commentary, please visit
or email the report authorsat
For inquiries directed to the United States Secret Service, contact
 
2
2011 Data Breach Investigations Report (DBIR)
Executive Summary
361 million
>>
144 million
>>
4 million
. Thus goes the tally o total records compromised across the combined caseloado Verizon and the United States Secret Service (USSS) over the last three years. Ater our years o increasing losses culminatingin 2008’s record-setting 361 million, we speculated whether 2009’s drop to 144 million was a uke or a sign o things to come.2010’s total o less than our million compromised records seems to suggest it was a sign. But o what? And is it a permanentchange in direction or a temporary detour? To help us answer that, we are very glad to have the United States Secret Service (USSS) back with us or the 2011 DBIR.Additionally, we have the pleasure o welcoming the Dutch National High Tech Crime Unit (NHTCU) to the team. Through thiscooperative eort, we had the privilege—and challenge—o examining
about 800 new data compromise incidents sinceour last report
(with 761 o those or 2010). To put that in perspective, the entire Verizon-USSS dataset rom 2004 to 2009numbered just over 900 breaches. We very nearly doubled the size o our dataset in 2010 alone!It is ascinating rom a research standpoint that the all-time lowest amount o data loss occurred in the same year as the all-time highest amount o incidents investigated. In addition to being the largest caseload ever, it was also extremely diverse inthe threat agents, threat actions, aected assets, and security attributes involved. We witnessed highly automated and prolicexternal attacks, low and slow attacks, intricate internal raud rings, country-wide device tampering schemes, cunning socialengineering plots, and much more. Some o the raw statistics may seem to contradict this claim o diversity (e.g., the percento breaches attributed to external agents is more lopsided than ever), but one must consider the change in scale. Whereas“10%” used to mean approximately 10-15 breaches across an annual caseload averaging 100-150, it now means 75 breachesin the context o the 2010 caseload. Consider that act as you digest and ponder results rom this year’s report.With the addition o Verizon’s 2010 caseload and data contributed rom the USSS and NHTCU, the DBIR series now spans7 years, 1700+ breaches, and over 900 million compromised records. We continue to learn a great deal rom this ongoingstudy and we’re glad to have the opportunity once again to share these ndings with you. As always, our goal is that the dataand analysis presented in this report prove helpul to the planning and security eorts o our readers. As usual, we begin witha ew highlights below. 
Who is behind data breaches?
92
%
stemmed rom external agents (
+22%
)I you’ve ollowed these numbers over the years, you may bethinking we change our position more than a proessionalcontortionist We’ll admit to a air share o head scratchingamong the RISK team as we tried to interpret what they weretelling us In 2009, breaches involving insiders shot up due toincorporating the USSS data, but returned again to pre-USSSlevels in 2010 (even though they’re still with us) Read thereport or the ull scoop on this, but it basically boils down toa HUGE increase in smaller external attacks rather than adecrease in insider activity Oh, and partner-caused breachescontinued their steady decline
17
%
implicated insiders (
-31%
)
<1
%
resulted rom business partners (
-10%
)
9
%
involved multiple parties (
-18%
)

Activity (2)

You've already reviewed this. Edit your review.
1 thousand reads
1 hundred reads

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->