Verizon: Most data breaches avoidable
Friday - 7/30/2010, 4:10pm EDT
So, just how secure are Verizon's electronic records?
The 2010 Verizon Data Breach Investigations Report, based on a first-of-its-kind collaboration with the U.S. Secret Service, has found that while the overall number of breaches declined from 2008, about 85 percent of breaches could have been avoided if basic security measures had been followed.
The study, released Wednesday, analyzed more than 900 breaches involving more than 900 million compromised records. The findings showed that the electronic breaches from 2009 involved more insider threats, a greater use of social engineering and the continuing involvement of organized criminal groups.
Wade Baker, the Director of Risk Intelligence at Verizon, says, "It's not a good statement of our general preparedness in the industry - we've got a lot of work to do."
While Verizon and other telecommunications companies are good at getting projects done, says Baker, the industry just isn't great when it comes to upkeep, maintenance and quality management.
"It's a real struggle, and for many good and legitimate reasons," says Baker. "It's not ineptitude or a matter of people not caring - it's a challenge."
According to the report, many of the breaches fall into the category of inconsistent configuration and maintenance over time. Often, users and companies do not follow Verizon's recommendations to change the default usernames and passwords on purchased technology.
Additionally, instances of social engineering have increased, in which criminal groups have people call up users and ask for their passwords rather than hacking or using technology to infiltrate network systems.
"Maybe the simple hacking technique doesn't work. So, what do you do next if you can't exploit systems and technology? You start exploiting people," says Baker.
The report concluded that the best defense against security breaches is being prepared. For the most part, organizations still remain slow in discovering and responding to incidents.
Sixty percent of breaches continue to be discovered by third parties, and then only after a considerable amount of time - often months. Usually, it's the credit card company or a law enforcement agency that alerts Verizon and others of possible breaches based on fraud patterns or underground chatter.
And while most victimized organizations have at least some evidence of a breach in their security logs, the evidence often gets overlooked due to a lack of staff, tools or processes.
"Clearly, there is some opportunity for improvement there," says Baker.
He says one area of improvement is patch management, when a breach is detected and subsequently fixed.
Baker says he would love to see organizations take a little more time deploying patches consistently and effectively across the organization.