"We are not seeing James Bond or Star Trek type attacks or anything we haven't seen before," says Dave Ostertag, Verizon Enterprise Solutions global investigations manager. "The bad guys are using the same techniques as five to eight years ago."
The report found an astounding increase in the number of data breaches reported, but a decline in the amount of data stolen. Just over 760 data breaches were reported in 2010, compared to 900 total in the six previous years. But only 4 million records were compromised -- that's a lot, but a lot less than the 144 million compromised in 2009.
That seeming disconnect is the result of a couple of trends: Security systems are protecting large-scale data networking operations, driving the bad guys to go after smaller, unprotected operations such as mom-and-pop retailers. And a growing amount of what's being stolen today is intellectual property that can be used to damage a business, but isn't measured in number of data records.
"That kind of data theft involves only one buyer -- someone who can use information about business processes, corporate earnings or some other intellectual property to damage a business," Ostertag says.
Other notable trends:
Why this matters
Verizon's annual report gives enterprises a road map for how to spend their limited corporate dollars to reduce vulnerability to security breaches, based on what current attacks look like. Ostertag also used the report to warn enterprises that a new cycle of large-scale attacks -- those designed to capture a large volume of credit card numbers or other monetizable data -- may start soon, and the industry needs to be prepared.
For more
Managed security remains a sweet spot for service providers. Here's a look at some recent announcements in this realm:
Managed security services are a great idea for carrier service offerings, but the carrier networks themselves are generally shockingly unprotected. Default passwords left open on network nodes, no centralized logging of NE command interaction, and no centralized administration of user privileges, password aging, or contractor access are not the exception -- they're the rule.