The number comes from a study of 90 data breaches investigated by Verizon Communications Inc., which is hired to do a post-mortem on most big computer intrusions.

No victims are identified in the report. Many of the breaches arent even public. That can happen if law enforcement insists on secrecy because of an ongoing criminal investigation, or if personally identifiable information wasnt lost in the hack.

In many breaches, especially involving lost or stolen laptops, the records arent used for anything at all.

Verizons study looked only at breaches involving attacks that resulted in compromised records being used in a crime, like making counterfeit credit cards and buying homes and medical coverage under someone elses identity – and on their dime.

The company found that 90 percent of the breaches it investigated could have been avoided with basic security measures.

One of those is recognizing how valuable so-called “non-critical” computers are to hackers.

Peter Tippett, vice president of research and intelligence for Verizons business security solutions division, says criminals arent looking to crash through the front door with a brazen computer attack. Often theyre content to feel around the edges and look for vulnerabilities that can get them in through the equivalent of a side window.

Even by tapping into computers of low-level employees who dont handle sensitive data, hackers can get a toehold for installing more malicious software that scans the network traffic and looks for vulnerabilities in other computers.

The study also found that data breaches are getting more severe because criminals are using sophisticated new programs that were custom-designed for particular attacks and werent known to the security community or law enforcement.

Verizon says 93 percent of all compromised records in its study came from the financial sector.

—

On the Net:

http://www.verizonbusiness.com

Source