12:47 PM
Sara Peters
Sara Peters
Connect Directly

Tippett To Discuss Verizon Breach Report

Dr. Peter Tippett, vice president of research and intelligence for Verizon Business Security Solutions, will discuss the results of the company's "2009 Verizon Business Data Breach Investigations Report" (DBIR) at CSI SX: Security Exchange, taking place May 17-21 in Las Vegas.

Dr. Peter Tippett, vice president of research and intelligence for Verizon Business Security Solutions, will discuss the results of the company's "2009 Verizon Business Data Breach Investigations Report" (DBIR) at CSI SX: Security Exchange, taking place May 17-21 in Las Vegas.I initially blogged here about the 2009 report on April 15--Verizon Data Breach Investigations Report Once Again Makes Us Question Everything.

Last year, CSI Director Robert Richardson did a two-part video interview with Peter Tippett on the 2008 report. Watch part 1 here, and part 2 here.

Our full press release follows:


    Contact: Robert Richardson (610) 604-4604 Sara Peters (212) 600-3066

    Verizon Business' Peter Tippett to Discuss Company's Just-Released 2009 Data Breach Investigation Report at CSI SX May 18

    Study Reveals Significant Rise in Targeted Attacks, and Organized Crime Involvement;

    Financial Services Industry Sees Largest Increase; Most Breaches Avoidable if Proper Precautions Taken

    NEW YORK - Dr. Peter Tippett, vice president of research and intelligence for Verizon Business Security Solutions, will discuss the results of the company's "2009 Verizon Business Data Breach Investigations Report" (DBIR) at CSI SX: Security Exchange, taking place May 17-21 in Las Vegas.

    According to the recently released study, Verizon Business investigated data breaches involving 285 million records-more compromised electronic records than the previous four years combined. The second annual study -- based on data analyzed from Verizon Business' actual caseload from 90 confirmed breaches -- revealed that corporations fell victim to some of the largest cybercrimes ever during 2008. The financial sector accounted for 93 percent of all such records from breaches the company investigated last year, and a staggering 90 percent of these records involved groups identified by law enforcement as engaged in organized crime.

    "The compromise of sensitive information increased dramatically in 2008 and it's past time to be vigilant about enterprise security," said Tippett. "This report should serve as another wake-up call that good security and a proactive approach are paramount to running a business in this day and age -- particularly since the economic crisis is likely to trigger a further increase in criminal activity."

    Verizon Business' findings say to the industry that we may not have our priorities straight, and may be acting on faulty information. On May 18 at CSI SX, Tippett will dig into the most exciting and surprising findings of the report in his talk, "Inside the Worst Data Breaches: How Do the Worst Data Breaches Really Happen?" For example, although many enterprise security teams worry about privileged insiders, Verizon's investigations found that over 90 percent of the breached records were accessed by organized crime. Similarly, although many companies are worried about loss and theft of mobile devices, Verizon's investigations found that 99 percent of the breached records were online Web assets, not data stored on stolen laptops or misplaced thumb drives.

    The 2009 Data Breach Investigations Report concluded that mistakes and oversight failures hindered security efforts and that simple actions can reap big benefits. CSI SX will delve deeply into these issues with extensive coverage on Web security and on advanced targeted attacks. ####

    About CSI

    Computer Security Institute (CSI) serves the needs of the information security community through conferences that set the industry standard (CSI SX and CSI Annual) and other events, membership, and research such as the annual CSI Computer Crime and Security Survey. The CSI mission is to lead the way to provoke effective security, by not only answering security's questions but by questioning the answers.

    About CSI SX: Security Exchange CSI Security Exchange focuses on the topics of utmost importance to IT security today: virtualization, web 2.0, cloud, data protection and security management. CSI SX '09 will provide attendees with the latest strategies for implementing new technologies, protecting organizations in the economic downturn, and maximizing shrinking budgets without compromising security. CSI SX is held in conjunction with Interop, the leading IT business conference in Las Vegas every spring,

    For more information on CSI and CSI conferences, please, or

    About Verizon Business

    Verizon Business, a unit of Verizon Communications (NYSE: VZ), operates the world's most connected public IP network and uses its industry-leading global-network capabilities to offer large-business and government customers an unmatched combination of security, reliability and speed. The company integrates advanced IP communications and information technology (IT) products and services to deliver leading enterprise solutions including managed services, security, mobility, collaboration and professional services. These solutions power innovation and enable the company's customers to do business better. For more information, visit

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2014-10-30
Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI.

Published: 2014-10-30
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file.

Published: 2014-10-30
SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in BSS Continuity CMS 4.2.22640.0 allows remote attackers to execute arbitrary SQL commands via the nodeid parameter.

Published: 2014-10-30
The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service.

Published: 2014-10-30
Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vect...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.