Alle Storys
Folgen
Keine Story von Verizon Business mehr verpassen.

Verizon Business

Verizon Business Data-Breach Report Examines Industry-Specific Challenges

Basking Ridge, New Jersey (ots/PRNewswire)

- Supplemental Analysis From Four-Year, Landmark Study Finds Need
for  Tailored Strategies
Enterprises should assess their security strategies knowing that
the challenges differ significantly by industry and that a
one-size-fits-all approach is rarely effective. Those are the key
findings in a supplemental analysis of data breaches released by
Verizon Business today.
The latest study is based on the 2008 Verizon Business Data
Breach Investigations Report, issued in June. The landmark report
analyzed breaches spanning four years and more than 500 forensic
investigations involving 230 million compromised records including
three of the five largest breaches ever reported.
In its supplemental analysis, Verizon Business security experts
used the original data to provide a rare glimpse at the differences
and similarities among attacks across four key industries: financial
services, high-tech, retail and food and beverage. The four groups
studied constituted a sufficient sample size for independent data
analysis.
"The supplemental report provides further insight into the nature
of breaches, underscoring that good security does not lend itself to
a cookie-cutter approach," said Dr. Peter Tippett, vice president of
research and intelligence, Verizon Business Security Solutions.
"Understanding what happens when a data breach occurs is critical to
proactive prevention. Through our more targeted analysis, we are
hoping to provide answers to businesses around the globe that want to
protect not only their data but their reputation."
                       Key Findings Across Industries
    Findings, by vertical market, include:
    Financial Services
    - Financial services face a greater risk from insiders, whereas partners
      represent the chief source of risk for other industries analyzed.
    - A blend of attack types is used against financial services, with deceit
      and misuse as the most common attacks.
    - On average, attacks take longer and tend to be more sophisticated.
      Discovery often takes weeks, although financial services organizations
      generally learn of breaches more quickly than other types of
      organizations.
    - Relative to other industries, financial organizations
      demonstrated a higher level of asset awareness. Breaches associated with
      unknown or lost systems, data, connections and privileges occurred far
      less frequently.
    High-Tech Services
    - The picture in high-tech services is complex. More than any other
      industry, errors were a contributing factor and attacks were fairly
      sophisticated. Though presumably tech-savvy, high-tech organizations
      had a difficult time keeping track of information assets and system
      configurations.
    - Malicious insiders are a big issue. Insider misuse, which refers to
      using granted resources or privileges, or both, for any unauthorized
      purpose, is much higher in high-tech. Such behavior is inherently
      difficult to control in a culture where workers often have high levels
      of access to many systems.
    - Hacking is significant. Tech firms tend to do a better job on basic
      system and application configurations, forcing attackers to rely on
      vulnerabilities to compromise systems. A consistent and comprehensive
      approach to patch deployment is often lacking.
    - Attacking Web applications represents the most common method of
      intrusion. Additionally, the percentage of breaches involving
      intellectual property is higher in the high-tech community.
    Retail
    - Retail represents the largest portion of the overall cases analyzed.
    - Many attacks exploit remote access connections, but Web applications
      are also frequently targeted. Attacks on wireless networks are growing
      and are significantly higher than in any other industry.
    - Simple attacks are prevalent, but a considerable number of more
      difficult attacks were employed against retail establishments.
    - Retail is highly reliant on third-parties to discover breaches.
      Typically, discovery happens more quickly than in food and beverage but
      lags behind both the finance and high-tech industries.
    - Overall, attacks against this industry are largely opportunistic,
      seeking quick payloads of data that can easily be used for fraudulent
      purposes.
    Food and Beverage
    - Most breaches originate from external sources but leverage a
      partner's trusted remote access connection as the point of entry into
      online repositories of payment card data.
    - These attacks rely on poor security configurations rather than
      application or software vulnerabilities, are quickly executed and
      are highly repeatable.
    - Many attacks exploited point-of-sale systems that criminals use to
      stage additional attacks and spread malware (corrupt software)
      throughout food and beverage chain establishments.
    - It takes food and beverage organizations a considerable amount of time
      to learn of a breach. When they do, the discovery is almost always made
      by a third party.
Tippett added, "This report clearly shows it's not about clever
or complex security protection measures. It really boils down to
doing the basics from planning to implementation to monitoring of the
data."
To access the Verizon Business Supplemental Report, please click
below: http://www.verizonbusiness.com/resources/security/databreachsu
ppwp.pdf.
A complete copy of the 2008 Data Breach Investigations Report is
available at: http://www.verizonbusiness.com/resources/security/datab
reachreport.pdf.
To blog about this report, visit us at:
http://securityblog.verizonbusiness.com/.
About Verizon Business
Verizon Business, a unit of Verizon Communications (NYSE: VZ),
operates the world's most connected public IP network and uses its
industry-leading global-network capabilities to offer large-business
and government customers an unmatched combination of security,
reliability and speed. The company integrates advanced IP
communications and information technology (IT) products and services
to deliver leading enterprise solutions including managed services,
security, mobility, collaboration and professional services. These
solutions power innovation and enable the company's customers to do
business better. For more information, visit www.verizonbusiness.com.
VERIZON'S ONLINE NEWS CENTER: Verizon news releases, executive
speeches and biographies, media contacts, high-quality video and
images, and other information are available at Verizon's News Center
on the World Wide Web at www.verizon.com/news. To receive news
releases by e-mail, visit the News Center and register for customized
automatic delivery of Verizon news releases.
    Web site: http://www.verizonbusiness.com
              http://www.verizon.com/news
              http://securityblog.verizonbusiness.com
       http://www.verizonbusiness.com/resources/security/databreachreport.pdf
       http://www.verizonbusiness.com/resources/security/databreachsuppwp.pdf

Contact:

Clare Ward, +44-118-905-3501, clare.ward@verizonbusiness.com, or
Janet Brumfield, +1-614-723-1060, janet.brumfield@verizon.com, or
Junaidah Dahlan, +65-6248-6827,
junaidah.dahlan@sg.verizonbusiness.com, all of Verizon Business

Weitere Storys: Verizon Business
Weitere Storys: Verizon Business
  • 15.05.2008 – 03:02

    Verizon Business Expands Access to Global Audio-Conferencing Services

    Basking Ridge, New Jersey (ots/PRNewswire) - - Customers Globally Now Benefit From Cost Effective Local Conferencing Access From China Verizon Business has further expanded global access to its audio-conferencing services, enabling even more of its multinational customers to realise cost efficiencies by accessing audio meetings through local dial-in numbers from around the globe. The company, a leading ...

  • 12.02.2008 – 06:36

    Verizon Business Extends Managed Local Area Network Service to EMEA and Asia-Pacific

    Basking Ridge, New Jersey (ots/PRNewswire) - - End-to-End Management Solution Enhances Network Performance; Allows Customers to Focus on Core Business Verizon Business' managed local area network (LAN) service is now available in Europe, the Middle East, Africa and the Asia-Pacific region, in addition to the United States. Verizon Managed ...