Verizon Data Breach Report Reveals Depth of Breach Problem

By David Mortman, The New School of Information Security

Last night, the fine folks at Verizon posted the 2009 version of the DBIR.  I haven’t had time to do a full deep dive yet, but I thought I’d share my initial notes in the meantime. Stuff in italics is from the DBIR, regular text is me:

Five ways to survive a data breach investigation

From CSO (Bill Brenner)
When the digital forensics crew comes in to investigate a possible data breach, company executives often make matters worse by not being prepared.  To help companies deal with this issue, CSOonline talks to the experts [csoonline.com] and offers these five steps that can be taken to ensure a smooth investigation that ends with the company’s reputation intact. 

Radical steps are needed to fix Internet security

The Internet as we know it today was designed to be a place where people could go about their business, whatever it happened to be, anonymously and without interference from other users. This model worked reasonably well for a long time, but it’s become painfully clear in recent months that some fundamental changes are needed in the way people use the network and, more importantly, how their PCs are allowed to behave.

From Orlando Sentinel (Richard Burnett)
With unemployment soaring, identity thieves are increasingly preying on unsuspecting job seekers by stealing personal information and trying to cash in on it.

The scams run the gamut from fake help-wanted ads and job-search services to bogus resume-posting Web sites, part of a new arsenal of weapons targeting millions of recently unemployed people.  Read the full story [sunsentinel.com]

From SearchMidmarketSecurity (Mike Chapple)

Many SMB IT administrators face a serious challenge when it comes to delivering serious security to their users. They may not have the budget or expertise they need and outsourcing can be expensive and troublesome if it’s not approached in the right way. As Mike Chapple writes on SearchMidmarketSecurity.com, asking a few key questions up front can be the difference between success and failure.

From internetnews.com (Alex Goldman)
Valentine’s Day is the season for social engineering, as many people hope for a note from a mysterious and fascinating someone and are therefore more willing to open suspicious messages and attachments than at any other time.
Unfortunately, it is now the season for data theft. It’s at tax time that the highest quantity of valuable data crosses the Internet and data thieves are surely hoping for a feast. Tax data is valuable not just because it contains financial information but also for the personal information it contains. Read the full story [internetnews.com]

From DarkReading (Tim Wilson)
Despite recent headlines and instances of insider attacks, many companies still are not acting to protect themselves [darkreading.com] from insider threats, according to two new analyst reports.
Although 88 percent of the respondents to a Forrester Research study said they consider data security a “challenging issue,” some 40 percent of respondents said they had no interest in, no plans for, or no knowledge of emerging tools for information leak protection.  Read the full story [darkreading.com]  See related story from Matt Hines [eweek.com]
