SAN FRANCISCO – RSA CONFERENCE 2012 — Verizon today offered a glimpse into the findings from its soon to be released “Data Breach Investigations Report” (DBIR). The DBIR is a comprehensive and well-respected report compiled each year by Verizon that reviews and analyzes breaches that occurred during the year from around the world.
According to Verizon, the full report will analyze more than 850 breaches, and include data from five law enforcement agencies including the U.S. Secret Service, the Dutch High Tech Crime Unit, the Irish Reporting and Information Service, the Australian Federal Police and the London Metropolitan Police. Approximately 10% of the breaches were investigated by Verizon, the company said.
The preview revealed that financial gain appeared to be the main motive for attack in 2011. However, Verizon says, consistent with the rise of “hacktivism” in 2011, they observed a clear increase in breaches perpetrated as acts of protest and retaliation. Related to these two divergent motives, organized criminal groups were once again behind the majority of incidents, but activist groups and disgruntled former employees made a rather damaging showing as well.
In terms of geographic origin of attacks, Verizon saw a fairly even mix between the Americas, EMEA, and APAC regions, with a slight majority leaning toward EMEA.
Moreover, Verizon’s analysis showed that 99% of all stolen data involved the use of some form of hacking and malware. Social engineering tactics, while less common, were also tied to over half of all data loss in the breaches investigated.
The table below lists the top 10 most-observed “threat actions” from breaches that occurred in 2011. “The list is relatively similar to prior years,” the preview notes. “It is abundantly clear that cybercriminals seek to overcome or undermine access control mechanisms in the process of locating and removing sensitive data.”
The “Verizon 2011 Investigative Response Caseload Review” is available here and provides topline findings from Verizon-investigated breaches that will be included in the upcoming report this spring.