Verizon, a global broadband and telecommunications company has a sizeable enterprise business, of which security is growing. This division provides consultancy services for large and small businesses globally.
Bryan Sartin, Director, Investigative Response, Verizon, spoke to Business Line about the recent Data Breach Investigation Report (DBIR), an annual initiative that it undertakes with the US Secret Service and other global law enforcement agencies and touches upon security issues that confronted corporates and individuals in 2011.
What does DBIR say about security in 2011?
To understand technology security you have to look at what happened last year. Civil and cultural uprisings such as the Arab Spring, Wikileaks and Occupy Wall Street were one side of the story.
This went beyond the physical world as activism took the shape of ‘hacktivism’ – retaliation against establishments and even pranks took on a new shape. While these activities encompassed more than data breaches like Distributed Denial of Services (DDoS) attacks, which means denying access to Web sites through technology, theft of corporate and personal information was certainly on the rise.
According to our report that spans 855 data breaches, 174 million records were compromised in 2011. This is the second-highest data loss that the Verizon RISK (Research Investigations Solutions Knowledge) team has seen since it began collecting data in 2004.
Do you think with globalised India Inc, adequate investments are being made in areas such as corporate espionage?
While Indian companies have certainly made some investments on this front, the awareness to do so when we talk to them is on the rise.
According to our data, 98 per cent of the corporate data threat is external. As a result of the rise in external attacks, the proportion of internal incidents declined in 2011. Hacking accounted for 81 per cent of the incidents, and malware caused 69 per cent of data breaches and 95 per cent of compromised records.
What about using social networks to perpetrate breach security?
While threats emanating from social networks were 7 per cent (down by 4 per cent compared with 2010), it was responsible for a higher data loss.
In other words, risk to personal information continues to be high despite security advances?
Yes, personal information is increasingly becoming a choice target. In 2011, 95 per cent of records lost included personal information, compared with only 1 per cent in 2010. Given the recent hack on LinkedIn – wherein 6.5 million usernames and hashed passwords were published on a Russian hacker forum – social forums such as these that store a wealth of personal information about users need to adopt very high standards of security.