2009 DBIR: Sources of Data Breaches

Wade Baker
April 15th, 2009

I’ve been reading reviews of the 2009 DBIR today and I gotta say – I’m surprised at the lack of snarling and teeth gnashing over our stats on who’s behind all these breaches and lost records. Last year, we received no shortage of comments (positive and negative) about insiders causing the fewest breaches. I won’t go into all the various reasons behind our findings here since that is done in the report. I would like to say that I was surprised at the disproportionality of Fig 8.

In an earlier version of the report, we had this as a pie chart. The ‘Only Partner’ and ‘Only Internal’ categories were little slivers but I think the tiny pin points represented above convey the message perfectly (besides, nobody likes being served itty-bitty pieces of pie). That big red circle speaks volumes as well and nearly all of it was attributed to organized crime. Reporting that statistic is not a ploy to turn the DBIR into some kind of novela full of thrill and intrigue. We believe it to be a critical driver of modern cybercrime. Criminals banding together and pooling their resources toward a common purpose is never a good thing, regardless of the medium.

What are we to do with the results of this section? What do they mean for enterprise security? What do they mean for your particular organization? You tell me.
