Verizon's 'Data Breach Investigations Report' Emphasizes Massive Risk Increases for Everyone

If you read some of the highlights of Verizon's 2010 Data Breach Investigations Report, one could easily accuse them of talking loud enough that you can actually 'hear them now'.

According to a recent study of nearly 800 breaches, as compiled by Verizon, the Secret Service and the National High Tech Crime Unit of the Netherlands, there was a mouth-dropping decrease in data records stolen, 144 million in 2009 down to only 4 million last year. But wait! The same study 'quintuples' data breaches for the same time frame, 141 in 2009 and a whopping 760 in 2010! Why the disparity? And should we jump up and down to celebrate, or pull out our hair from worry?

Verizon's RISK team contributes the shift to smaller targets with an increase in frequency. Industry pundits somewhat agree and feel prosecution of insiders or high-profile hackers like Albert Gonzalez may have deterred many who simply are choosing lesser exploits carrying lesser sentences. Attacks on small businesses are attractive in such the spotlight is dimmer and because of lax security practices mainly due to budget restraints, such open targets simply offer greater opportunities.

Verizon's report and the recent Epsilon attack clearly confirm data security breaches are on the rise. However, without disclosure of records stolen makes it difficult to assess the true threat level, which Epsilon, one of the world's largest database managers, remains mum.

Data Breach: Quality versus Quantity

Maybe it is not how much is being stolen but rather what is being stolen. David Ostertag, global investigations manager for Verizon, points out the shift in the type of data being sought by criminals. Apparently, payment cards are no longer the big attraction but rather intellectual property, such as business policies, practices, deals or source codes. Such an infringement threat has many a big businesses losing sleep with worry.

The well-crafted, spear phishing attack and ultimate theft of unknown Epsilon data records, is clear proof no one is exempt. Cybercriminals are employing sophisticated techniques and stealth malware tools to rip off their victims, whether Mr. Big Corporation, Ms. Small Business, or even you, little ole PC user. And whether it is a battle of choice or opportunity, scammers and hackers are knocking on your door early morning, mid-afternoon or late at night, and you need to be prepared to quickly turn off the lights and ensure your doors and windows are locked tight.

Bryan Sartin, Director of Investigative Response at Verizon and author of the report, was quoted as contributing 96% of the security breaches in 2010 to lack of preventable measures. Intermediate or simple controls such as updating default credentials, restricting use, security remote access, monitoring network logs and regularly review and patching of source code vulnerabilities might have greatly reduced the chances of an attack.

The same could be said for the everyday PC user. By instituting a few basic security measures, most intrusions and system security breaches could be blocked and could save persons the frustration of becoming victim to another greedy scam.

1. Install and keep an up-to-date antimalware solution on your PC.
2. Stay atop of software upgrades that patch known vulnerabilities.
3. Do not blindly open files or click on dubious links without consideration of Internet safety.
4. Protect your security authentication and never share it with 'anyone'.
5. Pirating is breaking the law and these illegal freebies are laced in germs.
6. Be careful when you surf since malicious websites are on the rise.