Verizon has released its 2010 Data Breach Investigations Report this year, a study conducted by the Verizon RISK team in cooperation with the United States Secret Service.
Among the findings are that 70% of data breaches resulted from external agents, 48% were caused by insiders, 11% implicated business partners, and 27% involved multiple parties.
Among the data breaches studied, 48% involved privilege misuse, 40% resulted from hacking, 38% utilized malware, 28% employed social tactics, and just 15% comprised physical attacks.
Other interesting findings are that 98% of all data breached came from servers, 85% of attacks were not considered highly difficult, 61% were discovered by a third party, 86% of victims had evidence of the breach in their log files, 96% of breaches were avoidable through simple or intermediate controls, and 79% of victims subject to PCI DSS, a set of comprehensive requirements for enhancing payment account data security, had not achieved compliance.
The 2010 Data Breach Investigations Report is the third installment in Verizon's series. The 2008 DBIR was a retrospective covering four years (2004-2007) of Verizon’s caseload in one massive data collection effort. The 2009 report opened the door to more active observation, greater detail, and new areas of study. This year's report adds the contributions (in data and expertise) of the United States Secret Service (USSS). The Verizon IR team worked over 100 cases in 2009; 57 of them were confirmed breaches. The 257 qualified cases in the USSS dataset included 84 cases from 2009, 102 cases from 2008, and 71 cases from 2007. The primary dataset analyzed in the report contained the 141 (57 + 84) confirmed breach cases worked by Verizon and the USSS in 2009.
The complete report can be downloaded here.