Perimeter
5/14/2009
12:47 PM
Sara Peters
Sara Peters
Commentary
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Tippett To Discuss Verizon Breach Report

Dr. Peter Tippett, vice president of research and intelligence for Verizon Business Security Solutions, will discuss the results of the company's "2009 Verizon Business Data Breach Investigations Report" (DBIR) at CSI SX: Security Exchange, taking place May 17-21 in Las Vegas.

Dr. Peter Tippett, vice president of research and intelligence for Verizon Business Security Solutions, will discuss the results of the company's "2009 Verizon Business Data Breach Investigations Report" (DBIR) at CSI SX: Security Exchange, taking place May 17-21 in Las Vegas.I initially blogged here about the 2009 report on April 15--Verizon Data Breach Investigations Report Once Again Makes Us Question Everything.

Last year, CSI Director Robert Richardson did a two-part video interview with Peter Tippett on the 2008 report. Watch part 1 here, and part 2 here.

Our full press release follows:

    FOR IMMEDIATE RELEASE May 14, 2009

    Contact: Robert Richardson (610) 604-4604 Sara Peters (212) 600-3066

    Verizon Business' Peter Tippett to Discuss Company's Just-Released 2009 Data Breach Investigation Report at CSI SX May 18

    Study Reveals Significant Rise in Targeted Attacks, and Organized Crime Involvement;

    Financial Services Industry Sees Largest Increase; Most Breaches Avoidable if Proper Precautions Taken

    NEW YORK - Dr. Peter Tippett, vice president of research and intelligence for Verizon Business Security Solutions, will discuss the results of the company's "2009 Verizon Business Data Breach Investigations Report" (DBIR) at CSI SX: Security Exchange, taking place May 17-21 in Las Vegas.

    According to the recently released study, Verizon Business investigated data breaches involving 285 million records-more compromised electronic records than the previous four years combined. The second annual study -- based on data analyzed from Verizon Business' actual caseload from 90 confirmed breaches -- revealed that corporations fell victim to some of the largest cybercrimes ever during 2008. The financial sector accounted for 93 percent of all such records from breaches the company investigated last year, and a staggering 90 percent of these records involved groups identified by law enforcement as engaged in organized crime.

    "The compromise of sensitive information increased dramatically in 2008 and it's past time to be vigilant about enterprise security," said Tippett. "This report should serve as another wake-up call that good security and a proactive approach are paramount to running a business in this day and age -- particularly since the economic crisis is likely to trigger a further increase in criminal activity."

    Verizon Business' findings say to the industry that we may not have our priorities straight, and may be acting on faulty information. On May 18 at CSI SX, Tippett will dig into the most exciting and surprising findings of the report in his talk, "Inside the Worst Data Breaches: How Do the Worst Data Breaches Really Happen?" For example, although many enterprise security teams worry about privileged insiders, Verizon's investigations found that over 90 percent of the breached records were accessed by organized crime. Similarly, although many companies are worried about loss and theft of mobile devices, Verizon's investigations found that 99 percent of the breached records were online Web assets, not data stored on stolen laptops or misplaced thumb drives.

    The 2009 Data Breach Investigations Report concluded that mistakes and oversight failures hindered security efforts and that simple actions can reap big benefits. CSI SX will delve deeply into these issues with extensive coverage on Web security and on advanced targeted attacks. ####

    About CSI

    Computer Security Institute (CSI) serves the needs of the information security community through conferences that set the industry standard (CSI SX and CSI Annual) and other events, membership, and research such as the annual CSI Computer Crime and Security Survey. The CSI mission is to lead the way to provoke effective security, by not only answering security's questions but by questioning the answers.

    About CSI SX: Security Exchange CSI Security Exchange focuses on the topics of utmost importance to IT security today: virtualization, web 2.0, cloud, data protection and security management. CSI SX '09 will provide attendees with the latest strategies for implementing new technologies, protecting organizations in the economic downturn, and maximizing shrinking budgets without compromising security. CSI SX is held in conjunction with Interop, the leading IT business conference in Las Vegas every spring,

    For more information on CSI and CSI conferences, please www.gocsi.com, www.csisx.com or www.csiannual.com.

    About Verizon Business

    Verizon Business, a unit of Verizon Communications (NYSE: VZ), operates the world's most connected public IP network and uses its industry-leading global-network capabilities to offer large-business and government customers an unmatched combination of security, reliability and speed. The company integrates advanced IP communications and information technology (IT) products and services to deliver leading enterprise solutions including managed services, security, mobility, collaboration and professional services. These solutions power innovation and enable the company's customers to do business better. For more information, visit www.verizonbusiness.com.

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0640
Published: 2014-08-20
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors.

CVE-2014-0641
Published: 2014-08-20
Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users.

CVE-2014-2505
Published: 2014-08-20
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors.

CVE-2014-2511
Published: 2014-08-20
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter.

CVE-2014-2515
Published: 2014-08-20
EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod, which allows remote authenticated users to gain privileges via a request for a superuser ticket.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.