
5/14/2009
12:47 PM
Sara Peters
Commentary

Tippett To Discuss Verizon Breach Report

Dr. Peter Tippett, vice president of research and intelligence for Verizon Business Security Solutions, will discuss the results of the company's "2009 Verizon Business Data Breach Investigations Report" (DBIR) at CSI SX: Security Exchange, taking place May 17-21 in Las Vegas.

I initially blogged here about the 2009 report on April 15: "Verizon Data Breach Investigations Report Once Again Makes Us Question Everything."

Last year, CSI Director Robert Richardson did a two-part video interview with Peter Tippett on the 2008 report. Watch part 1 here, and part 2 here.

Our full press release follows:

    FOR IMMEDIATE RELEASE May 14, 2009

    Contact: Robert Richardson (610) 604-4604 Sara Peters (212) 600-3066

    Verizon Business' Peter Tippett to Discuss Company's Just-Released 2009 Data Breach Investigation Report at CSI SX May 18

    Study Reveals Significant Rise in Targeted Attacks, and Organized Crime Involvement;

    Financial Services Industry Sees Largest Increase; Most Breaches Avoidable if Proper Precautions Taken

    NEW YORK - Dr. Peter Tippett, vice president of research and intelligence for Verizon Business Security Solutions, will discuss the results of the company's "2009 Verizon Business Data Breach Investigations Report" (DBIR) at CSI SX: Security Exchange, taking place May 17-21 in Las Vegas.

    According to the recently released study, Verizon Business investigated data breaches involving 285 million records -- more compromised electronic records than the previous four years combined. The second annual study -- based on data analyzed from Verizon Business' actual caseload from 90 confirmed breaches -- revealed that corporations fell victim to some of the largest cybercrimes ever during 2008. The financial sector accounted for 93 percent of all such records from breaches the company investigated last year, and a staggering 90 percent of these records involved groups identified by law enforcement as engaged in organized crime.

    "The compromise of sensitive information increased dramatically in 2008 and it's past time to be vigilant about enterprise security," said Tippett. "This report should serve as another wake-up call that good security and a proactive approach are paramount to running a business in this day and age -- particularly since the economic crisis is likely to trigger a further increase in criminal activity."

    Verizon Business' findings say to the industry that we may not have our priorities straight, and may be acting on faulty information. On May 18 at CSI SX, Tippett will dig into the most exciting and surprising findings of the report in his talk, "Inside the Worst Data Breaches: How Do the Worst Data Breaches Really Happen?" For example, although many enterprise security teams worry about privileged insiders, Verizon's investigations found that over 90 percent of the breached records were accessed by organized crime. Similarly, although many companies are worried about loss and theft of mobile devices, Verizon's investigations found that 99 percent of the breached records were online Web assets, not data stored on stolen laptops or misplaced thumb drives.

    The 2009 Data Breach Investigations Report concluded that mistakes and oversight failures hindered security efforts and that simple actions can reap big benefits. CSI SX will delve deeply into these issues with extensive coverage on Web security and on advanced targeted attacks.

    About CSI

    Computer Security Institute (CSI) serves the needs of the information security community through conferences that set the industry standard (CSI SX and CSI Annual) and other events, membership, and research such as the annual CSI Computer Crime and Security Survey. The CSI mission is to lead the way to provoke effective security, by not only answering security's questions but by questioning the answers.

    About CSI SX: Security Exchange

    CSI Security Exchange focuses on the topics of utmost importance to IT security today: virtualization, web 2.0, cloud, data protection and security management. CSI SX '09 will provide attendees with the latest strategies for implementing new technologies, protecting organizations in the economic downturn, and maximizing shrinking budgets without compromising security. CSI SX is held in conjunction with Interop, the leading IT business conference in Las Vegas every spring.

    For more information on CSI and CSI conferences, please visit www.gocsi.com, www.csisx.com or www.csiannual.com.

    About Verizon Business

    Verizon Business, a unit of Verizon Communications (NYSE: VZ), operates the world's most connected public IP network and uses its industry-leading global-network capabilities to offer large-business and government customers an unmatched combination of security, reliability and speed. The company integrates advanced IP communications and information technology (IT) products and services to deliver leading enterprise solutions including managed services, security, mobility, collaboration and professional services. These solutions power innovation and enable the company's customers to do business better. For more information, visit www.verizonbusiness.com.

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior to that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ...
 
