Study on Data breaches by Symantec and Verizon
By siliconindia   |   Thursday, 21 April 2011, 18:50 IST
Printer Print Email Email
India: The year 2009 - 2011 has been potential years for cyber criminal all over the world. Threats to one's data security have occupied a serious concern. Internal security is a painful arena to deal with. Symantec Internet Security Threat Report XVI revealed that organizations across the world spent an average of $7.2 million (Rs 32 crore) in 2010 to deal with damages caused by data breaches. According to the 2011 Verizon Data Breach Investigation Report the number of breaches in 2010 skyrocketed to 760 from 141. The Report points out that Indian Banking Financial Services Insurance companies were the most targeted sectors from November 2010. India has been second largest generator of malicious code across the world and is the third highest generator of spam. India's social networking audience grew 43 percent in 2010. It has the seventh largest social networking market. According to Symantec's research over 80 percent of Indian organizations give employees access to social networking sites. And 73 percent of people go for the shortened URLs on social networks. However a strange and usual shift in trend has been reported by Verizon Report. There has been staggering increase in the rate of crimes but most of them related to small data thefts. On average in 2009 the number of records stolen per breach was about 1.02 million. Credit card and bank details top the charts. However intellectual property of companies has become the hotbed for these cyber criminals now. Other interesting arenas of cyber crimes arena are payment card numbers to intellectual property, information about business processes and deals being made between businesses. Use of phishing emails to breach secure organizations like Oak Ridge National Laboratory and RSA are stark examples of strong presence of Data thefts in these companies. Oak Ridge, a U.S. Department of Energy-run research lab, this week disclosed it had shut down all Internet access and email services after discovering a sophisticated data stealing malware program on its networks. The breach originated in a phishing email that was sent to about 570 employees. Verizon Report stated that financial institutions in previous years accounted for 90 percent or more of compromised records, but that fell dramatically in 2010 to 35 percent. This might be because of the concentration criminals are focusing more on other thefts than credit card numbers. These include theft of intellectual property, authentication data, and turning machines into bots to serve botnets. The Google admitted that it had been targeted by sophisticated hackers and it termed the hacking as - the advanced persistent threat. Advanced persistent threat attacks are supposed to be sophisticated and highly targeted data exfiltration exercises conducted by spies or agents working on behalf of nation states. It has become easier for some companies to say they were the victims of an advanced persistent threat (APT) attack rather than admitting their security fail. These internal data security threats reports once again works as a reminders for the organizations to work on their internal security issues and not take the excuse of Advance persistent threat every time. The companies need to keep a check are their Employees are selling them out, are their Laptops on the Loose, is there any Unintentional Access and Disgruntled Ex-Employees or any Missing Security Patches.

siliconindia