Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

5/14/2009
12:47 PM
Sara Peters
Sara Peters
Commentary
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Tippett To Discuss Verizon Breach Report

Dr. Peter Tippett, vice president of research and intelligence for Verizon Business Security Solutions, will discuss the results of the company's "2009 Verizon Business Data Breach Investigations Report" (DBIR) at CSI SX: Security Exchange, taking place May 17-21 in Las Vegas.

Dr. Peter Tippett, vice president of research and intelligence for Verizon Business Security Solutions, will discuss the results of the company's "2009 Verizon Business Data Breach Investigations Report" (DBIR) at CSI SX: Security Exchange, taking place May 17-21 in Las Vegas.I initially blogged here about the 2009 report on April 15--Verizon Data Breach Investigations Report Once Again Makes Us Question Everything.

Last year, CSI Director Robert Richardson did a two-part video interview with Peter Tippett on the 2008 report. Watch part 1 here, and part 2 here.

Our full press release follows:

    FOR IMMEDIATE RELEASE May 14, 2009

    Contact: Robert Richardson (610) 604-4604 Sara Peters (212) 600-3066

    Verizon Business' Peter Tippett to Discuss Company's Just-Released 2009 Data Breach Investigation Report at CSI SX May 18

    Study Reveals Significant Rise in Targeted Attacks, and Organized Crime Involvement;

    Financial Services Industry Sees Largest Increase; Most Breaches Avoidable if Proper Precautions Taken

    NEW YORK - Dr. Peter Tippett, vice president of research and intelligence for Verizon Business Security Solutions, will discuss the results of the company's "2009 Verizon Business Data Breach Investigations Report" (DBIR) at CSI SX: Security Exchange, taking place May 17-21 in Las Vegas.

    According to the recently released study, Verizon Business investigated data breaches involving 285 million records-more compromised electronic records than the previous four years combined. The second annual study -- based on data analyzed from Verizon Business' actual caseload from 90 confirmed breaches -- revealed that corporations fell victim to some of the largest cybercrimes ever during 2008. The financial sector accounted for 93 percent of all such records from breaches the company investigated last year, and a staggering 90 percent of these records involved groups identified by law enforcement as engaged in organized crime.

    "The compromise of sensitive information increased dramatically in 2008 and it's past time to be vigilant about enterprise security," said Tippett. "This report should serve as another wake-up call that good security and a proactive approach are paramount to running a business in this day and age -- particularly since the economic crisis is likely to trigger a further increase in criminal activity."

    Verizon Business' findings say to the industry that we may not have our priorities straight, and may be acting on faulty information. On May 18 at CSI SX, Tippett will dig into the most exciting and surprising findings of the report in his talk, "Inside the Worst Data Breaches: How Do the Worst Data Breaches Really Happen?" For example, although many enterprise security teams worry about privileged insiders, Verizon's investigations found that over 90 percent of the breached records were accessed by organized crime. Similarly, although many companies are worried about loss and theft of mobile devices, Verizon's investigations found that 99 percent of the breached records were online Web assets, not data stored on stolen laptops or misplaced thumb drives.

    The 2009 Data Breach Investigations Report concluded that mistakes and oversight failures hindered security efforts and that simple actions can reap big benefits. CSI SX will delve deeply into these issues with extensive coverage on Web security and on advanced targeted attacks. ####

    About CSI

    Computer Security Institute (CSI) serves the needs of the information security community through conferences that set the industry standard (CSI SX and CSI Annual) and other events, membership, and research such as the annual CSI Computer Crime and Security Survey. The CSI mission is to lead the way to provoke effective security, by not only answering security's questions but by questioning the answers.

    About CSI SX: Security Exchange CSI Security Exchange focuses on the topics of utmost importance to IT security today: virtualization, web 2.0, cloud, data protection and security management. CSI SX '09 will provide attendees with the latest strategies for implementing new technologies, protecting organizations in the economic downturn, and maximizing shrinking budgets without compromising security. CSI SX is held in conjunction with Interop, the leading IT business conference in Las Vegas every spring,

    For more information on CSI and CSI conferences, please www.gocsi.com, www.csisx.com or www.csiannual.com.

    About Verizon Business

    Verizon Business, a unit of Verizon Communications (NYSE: VZ), operates the world's most connected public IP network and uses its industry-leading global-network capabilities to offer large-business and government customers an unmatched combination of security, reliability and speed. The company integrates advanced IP communications and information technology (IT) products and services to deliver leading enterprise solutions including managed services, security, mobility, collaboration and professional services. These solutions power innovation and enable the company's customers to do business better. For more information, visit www.verizonbusiness.com.

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-2509
PUBLISHED: 2021-04-17
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build 20210202 and later Q...
CVE-2020-36195
PUBLISHED: 2021-04-17
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia C...
CVE-2021-29445
PUBLISHED: 2021-04-16
jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDe...
CVE-2021-29446
PUBLISHED: 2021-04-16
jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDe...
CVE-2021-29451
PUBLISHED: 2021-04-16
Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming 5.2.1 release.