Verizon Business has released its 2011 Verizon Data Breach Report [PDF], and it's brimming with interesting statistics that are well worth a closer look by any security-minded IT worker. Among its findings: The total number of compromised records has dropped substantially over the past couple of years, but not because organizations have come up with a superior recipe for defending their networks.
As background, the annual Verizon Data Breach Report is quickly becoming one of the most influential computer crime reports in the industry. One of its big benefits is that it is collated from actual hacking incidents and doesn't rely on inexact computer surveys, voluntary company reporting, or human kindness. The findings in the report are taken from organizations in the midst of a malicious hacking event. Verizon has previously partnered with the U.S. Secret Service, and it added cases from the Dutch National High Tech Crime Unit for this year's report. Altogether, the three agencies tracked about 800 new data compromise incidents.
The reported drop in the total number of compromised records, from 361 million in 2008 to just 4 million last year, doesn't surprise me for two reasons. First, attackers are continually employing more focused forms of attack, looking for company intellectual property and financial data (to accomplish high-value bank transfers). Phishers and credit card fraudsters are looking for credit card information to resell for a few dollars per record. Today's APT (advanced persistent threat) attacks are aimed at taking over entire companies. At that level, individual data records just aren't that interesting.