2010 Data Breach Investigations Report Released
Wade Baker, July 28th, 2010
As many of you know, we publish a series of reports covering forensic engagements worked by Verizon’s Investigative Response team. For the past several years we’ve dug into the who, what, when, where, how, and why of organizational data breaches and passed our findings on to you in the DBIR. We’re big proponents of the belief that you can’t manage what you can’t measure and so are always looking for better ways to measure factors critical to managing security. Analyzing first-hand evidence collected during breach investigations offers a rare and powerful chance to do this.
We’ve already announced that this year’s DBIR is a joint effort between Verizon and the U.S. Secret Service. We hope you’ll benefit from (and enjoy) the results, analysis, recommendations, and commentary in the report. However, we also hope that you will recognize it as a proof point that sensitive data can be shared anonymously, responsibly, securely, and effectively between organizations. Our field is in desperate need of more high-quality accessible data and collaborating among ourselves is the only way we’re going to get there.
This report is interesting in terms of analyzing trends. Last year, we reported on our own caseload. This year, we added an entirely new dataset. It shouldn’t be surprising that this changed some of our results substantially. We discuss these changes and potential reasons for them throughout the report. Equally interesting to those changes, however, are the results that didn’t change. We’ve always wondered (and so have you) whether certain findings were unique to Verizon’s caseload or truly indicative of the general population. The fact that Secret Service data shows many results that are very similar to our own is a compelling revelation.
In addition to sharing case data using the VERIS framework, the Secret Service provided two appendices to the 2010 report. One delves into online criminal communities and the other focuses on prosecuting cybercrime using Albert Gonzalez as a case study (the Secret Service was instrumental in tracking and bringing him to justice).
We’d love to hear your thoughts, questions, arguments, discussions, etc. on this report. You can, of course, comment on this blog; operators are standing by. If you don’t want a public conversation, you can email us at dbir@lists.verizonbusiness.com.
We wish you happy and fruitful reading.
Tags: Computer Crime, Cybercrime, Data Breach Report, Data Breaches, forensics, Incident Response, Information Security





Yay, yay, yay!
The single most important Information Security document of the year and, besides my payslip, the document I look forward to most in my job.
(Actually, the breach report is usually nicer reading)
Well done guys. Thank you for this and keep it up!
Posted by: Allen Baranov on July 28th, 2010 at 7:52 am

This narcissistic vulnerability pimp is definitely looking forward to reading it on the plane later today.
Posted by: Wesley McGrew on July 28th, 2010 at 1:58 pm

Thank you for this comprehensive report. It is of great value for IT security specialists. The information is an eye-opener and guides management in the correct direction. All too often in my experience technicians and management get caught up in the hardware or software solution. In reality it is social engineering and the data through alternative methods.
Thanks.
Posted by: Steve D. on July 28th, 2010 at 2:29 pm

All:
Congratulations on a job well done! This report is so very valuable to the IT industry at large. The obvious challenge is to get folks to do something with the information like ACT. Our product engineers and customers find this information critical to directions in Security, in particular the Insider Threat and how to approach or treat it in the future.
Thanks Again!
Posted by: Bill Johnson on July 28th, 2010 at 4:37 pm

Will there be the Investigations Supplement Report like last year? I found this report very helpful in explaining threats to our team.
Posted by: Mark on July 28th, 2010 at 10:00 pm

@Mark –
Not quite sure yet. We always wait to see reaction and requests when contemplating the supplemental reports. One thing is for sure though – you’ll see more from us in various forms over the rest of the year.
Posted by: Wade Baker on July 28th, 2010 at 11:44 pm

More importantly… is there an Easter Egg this year too?
Don’t want to know what it is… just if there is one.
Posted by: Allen Baranov on July 29th, 2010 at 1:00 pm

@Allen –
Hmmm…I wonder…
Posted by: Wade Baker on July 29th, 2010 at 2:17 pm

Thank you to Verizon and the USSS for producing a valuable report to help bridge the dialog gap between the business and information technology communities on this very important topic of information security.
Posted by: Jaime Chanaga on August 3rd, 2010 at 6:16 am

I appreciate the “big picture” view of what is going on. There is good insight in your report that we can all use to tighten policies and apply more common sense security principles. It’s too easy to get overwhelmed in regulations and day to day busy-ness and then forget about the obvious threats like this.
Posted by: James Fraze on August 13th, 2010 at 4:54 pm

Please explain: How do the 19% breaches through web drive-by (page 23) work, if not through one of the non-patchable vulnerabilities (page 29) of the usual suspects Adobe, Flash, QuickTime?
Posted by: Klaus Hartnegg on August 22nd, 2010 at 8:04 pm

@Klaus
This is a question we’ve received several times (and for good reason). Many auto-infecting or drive-by downloads do exploit a patchable vulnerability but some exploit browser/system settings and configuration as well. The ones that we observed in 2009 did the latter although it should be noted that 3 *may* have exploited a bug but we were unable to determine this in the forensic analysis (for various reasons).
Posted by: Wade Baker on August 24th, 2010 at 5:39 pm