Verizon Data Breach Investigations Study
Verizon recently released their 2010 study on data breaches.  This year’s study was a joint effort with the United States Secret Service (USSS), and the study gives insight into who is behind data breaches, how breaches occur, and what commonalities exist among the breaches.
This is the third year for the study, so you can see how items are trending.  For instance, the “who was behind the breach” section found that the leading source is (still) external; external sources accounted for the following percentage of all breaches:
2008: 73%
2009: 74%
2010: 70%
The leading reason that breaches occur is privilege misuse; however, the study notes that hacking and malware (reasons #2 and #3 on the list) were responsible for 95% of the data that was compromised.
There are two pieces of good news in the study.  There was a 50% decrease in the number of records that were compromised; 285 million records in the 2009 study dropped to 143 million in the 2010 study.  And 96% of breaches were avoidable through simple or intermediate controls.
Finally, the study notes that 79% of the breached companies were not PCI DSS compliant.
If you want help understanding how to achieve PCI DSS compliance, contact me.
Note: The first study (2008) covered 4 years of breaches, while the 2009 and 2010 studies covered 1 year of breaches (the previous year).