Report: Fraud level of 2008 hit all the records

Last 6 months were full of news on all kind of frauds online. InternetRetailer.com has published an interesting article. So, according to the site 2008 saw more electronic records breaches than previous four years combined. 

More electronic records were breached in 2008 than the previous four years combined, fueled by a targeting of the financial services industry, including credit card transactions with retailers, and a strong involvement of organized crime, according to the “2009 Verizon Business Data Breach Investigations Report.” What’s more, a massive 81% of affected organizations subject to the Payment Card Industry Data Security Standard had been found noncompliant prior to being breached. 

The second annual study is based on data analyzed from Verizon Business’ caseload comprising 285 million compromised records from 90 confirmed breaches. 31% of the breaches were in retail, and 93% of the compromised records fell into the category of financial services, which includes credit card transactions with retailers. 

The study revealed that companies fell victim to some of the largest cybercrimes ever during 2008, with 90% of these breaches involving groups identified by law enforcement as engaged in organized crime. 

Nearly nine out of 10 breaches were considered avoidable if security basics had been followed, Verizon Business says. Most of the breaches investigated did not require difficult or expensive preventive controls: Mistakes and oversight failures hindered security efforts more than a lack of resources at the time of a breach, the company says. 

“The compromise of sensitive information increased dramatically in 2008, and it’s past time to be vigilant about enterprise security,” says Peter Tippett, vice president of research and intelligence at Verizon Business Security Solutions. “This report should serve as another wake-up call that good security and a proactive approach are paramount to running a business in this day and age—particularly since the economic crisis is likely to trigger a further increase in criminal activity.” 

The study also found that: 
•    Most breaches resulted from a combination of events rather than a single action. 64% of breaches were attributed to hackers who used a combination of methods. In most successful breaches, the attacker exploited some mistake committed by the victim, hacked into the network and installed malware on a system to collect data. 
•    In 69% of cases, the breach was discovered by third parties. The ability to detect a data breach when it occurs remains a huge stumbling block for most organizations. Whether the deficiency lies in technology or process, the result is the same. 
•    Nearly all records compromised in 2008 were from online assets. Despite widespread concern over desktops, mobile devices and portable media, 99% of all breached records were compromised from servers and applications. 
•    Roughly 20% of 2008 cases involved more than one breach. Multiple distinct entities or locations were individually compromised as part of a single case, and half of the breaches consisted of interrelated incidents often caused by the same individuals. 
•    Tippett says that companies like Verizon Business, which aid other companies—including retailers—in protecting electronic information, are being constantly challenged. 

“Our task is not getting any easier; the sum total of information in the world grows continually and permeates everything we do and everywhere we go,” he adds. “While the majority of attacks remain rather mundane, the criminals are adapting to our current protection strategies and inventing new ways to attain the data they value.”