Perimeter
5/14/2009
12:47 PM
Sara Peters
Sara Peters
Commentary
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Tippett To Discuss Verizon Breach Report

Dr. Peter Tippett, vice president of research and intelligence for Verizon Business Security Solutions, will discuss the results of the company's "2009 Verizon Business Data Breach Investigations Report" (DBIR) at CSI SX: Security Exchange, taking place May 17-21 in Las Vegas.

Dr. Peter Tippett, vice president of research and intelligence for Verizon Business Security Solutions, will discuss the results of the company's "2009 Verizon Business Data Breach Investigations Report" (DBIR) at CSI SX: Security Exchange, taking place May 17-21 in Las Vegas.I initially blogged here about the 2009 report on April 15--Verizon Data Breach Investigations Report Once Again Makes Us Question Everything.

Last year, CSI Director Robert Richardson did a two-part video interview with Peter Tippett on the 2008 report. Watch part 1 here, and part 2 here.

Our full press release follows:

    FOR IMMEDIATE RELEASE May 14, 2009

    Contact: Robert Richardson (610) 604-4604 Sara Peters (212) 600-3066

    Verizon Business' Peter Tippett to Discuss Company's Just-Released 2009 Data Breach Investigation Report at CSI SX May 18

    Study Reveals Significant Rise in Targeted Attacks, and Organized Crime Involvement;

    Financial Services Industry Sees Largest Increase; Most Breaches Avoidable if Proper Precautions Taken

    NEW YORK - Dr. Peter Tippett, vice president of research and intelligence for Verizon Business Security Solutions, will discuss the results of the company's "2009 Verizon Business Data Breach Investigations Report" (DBIR) at CSI SX: Security Exchange, taking place May 17-21 in Las Vegas.

    According to the recently released study, Verizon Business investigated data breaches involving 285 million records-more compromised electronic records than the previous four years combined. The second annual study -- based on data analyzed from Verizon Business' actual caseload from 90 confirmed breaches -- revealed that corporations fell victim to some of the largest cybercrimes ever during 2008. The financial sector accounted for 93 percent of all such records from breaches the company investigated last year, and a staggering 90 percent of these records involved groups identified by law enforcement as engaged in organized crime.

    "The compromise of sensitive information increased dramatically in 2008 and it's past time to be vigilant about enterprise security," said Tippett. "This report should serve as another wake-up call that good security and a proactive approach are paramount to running a business in this day and age -- particularly since the economic crisis is likely to trigger a further increase in criminal activity."

    Verizon Business' findings say to the industry that we may not have our priorities straight, and may be acting on faulty information. On May 18 at CSI SX, Tippett will dig into the most exciting and surprising findings of the report in his talk, "Inside the Worst Data Breaches: How Do the Worst Data Breaches Really Happen?" For example, although many enterprise security teams worry about privileged insiders, Verizon's investigations found that over 90 percent of the breached records were accessed by organized crime. Similarly, although many companies are worried about loss and theft of mobile devices, Verizon's investigations found that 99 percent of the breached records were online Web assets, not data stored on stolen laptops or misplaced thumb drives.

    The 2009 Data Breach Investigations Report concluded that mistakes and oversight failures hindered security efforts and that simple actions can reap big benefits. CSI SX will delve deeply into these issues with extensive coverage on Web security and on advanced targeted attacks. ####

    About CSI

    Computer Security Institute (CSI) serves the needs of the information security community through conferences that set the industry standard (CSI SX and CSI Annual) and other events, membership, and research such as the annual CSI Computer Crime and Security Survey. The CSI mission is to lead the way to provoke effective security, by not only answering security's questions but by questioning the answers.

    About CSI SX: Security Exchange CSI Security Exchange focuses on the topics of utmost importance to IT security today: virtualization, web 2.0, cloud, data protection and security management. CSI SX '09 will provide attendees with the latest strategies for implementing new technologies, protecting organizations in the economic downturn, and maximizing shrinking budgets without compromising security. CSI SX is held in conjunction with Interop, the leading IT business conference in Las Vegas every spring,

    For more information on CSI and CSI conferences, please www.gocsi.com, www.csisx.com or www.csiannual.com.

    About Verizon Business

    Verizon Business, a unit of Verizon Communications (NYSE: VZ), operates the world's most connected public IP network and uses its industry-leading global-network capabilities to offer large-business and government customers an unmatched combination of security, reliability and speed. The company integrates advanced IP communications and information technology (IT) products and services to deliver leading enterprise solutions including managed services, security, mobility, collaboration and professional services. These solutions power innovation and enable the company's customers to do business better. For more information, visit www.verizonbusiness.com.

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5242
Published: 2014-10-21
Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action.

CVE-2012-5243
Published: 2014-10-21
functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request.

CVE-2012-5702
Published: 2014-10-21
Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3) company_name parameter in an addedit action to i...

CVE-2013-7406
Published: 2014-10-21
SQL injection vulnerability in the MRBS module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2014-2531
Published: 2014-10-21
SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search action to the (1) NodeWorx , (2) SiteWorx, or (3) R...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.