Symantec Global Internet Security Threat Report
Figure 1. Data breaches that could lead to identity theft by cause and identities exposed[12]
Source: Based on data provided by OSF DataLoss DB
[Pie charts; surviving labels: Fraud <1%; Insider <1%; Insecure policy 35%; Insecure policy 26%]
In 2009, 60 percent of identities exposed were compromised by hacking attacks, which are another form of targeted attack. The majority of these were the result of a successful hacking attack on a single credit card payment processor.[13] The hackers gained access to the company’s payment processing network using an SQL-injection attack. The attackers then installed malicious code designed to gather sensitive information from the network, which allowed them to easily access the network at their convenience. The attacks resulted in the theft of approximately 130 million credit card numbers. An investigation was undertaken when the company began receiving reports of fraudulent activity on credit cards that the company itself had processed. The attackers were eventually tracked down and charged by federal authorities.
This type of targeted hacking attack is further evidence of the significant role that malicious code can play in data breaches. Although data breaches occur due to a number of causes, the covert nature of malicious code is an efficient and enticing means for attackers to remotely acquire sensitive information. Furthermore, as is discussed in the “Threats to confidential information” metric, the frequency of malicious code threats that expose confidential information underscores the significance of identity theft to attackers who author and deploy malicious code.
According to the Symantec State of Enterprise Security Report 2010, 75 percent of enterprises surveyed experienced some form of cyber attack in 2009, showing that this issue is not limited to a few larger enterprises.[14] Protecting the enterprise infrastructure and information, developing and enforcing IT policies, and properly managing systems can help mitigate or prevent targeted attacks. Administrators can limit potential exposure to attack activity by securing endpoints, messaging, and Web environments, as well as by implementing policies to remediate threats. Distributing patches and enforcing patch levels through automated processes can also prevent exploitation of known vulnerabilities.
[12] Due to rounding, percentages might not equal 100 percent.
[13] http://voices.washingtonpost.com/securityfix/2009/01/payment_processor_breach_may_b.html
[14] http://www.symantec.com/content/en/us/about/presskits/SES_report_Feb2010.pdf : p. 8