Data breach volumes drop as criminals target smaller firms

Almost as many data breach incidents occured last year as during the six previous years combined, but the number of records compromised fell dramatically as criminals launched smaller scale attacks, according to Verizon Business.

The firm's annual Data Breach Investigations Report covers 760 data breaches, the largest to date, yet the number of records stolen fell from 143 million in 2009 to just 3.8 million last year.

This is likely to be down to cyber criminals targeting smaller organisations using relatively unsophisticated attacks, but the trend is unlikely to last, given that demand for stolen records is on the rise again, according to Dave Ostertag, global investigations manager at Verizon Business Security Solutions.

This huge increase in smaller external attacks also accounted for the fact that 92 per cent of breaches were caused by outsiders in 2010, a big increase from the previous year.

Hacking and malware were the most prevalent types of attack, the criminals using tried and tested methods to breach systems such as SQL injection, key-loggers, backdoors and RAM scraper malware, said Ostertag.

"We're not actually seeing this Star Wars type technology we've never seen before - these are techniques that have been about for the past five to 10 years," he said.

"There are no techniques we haven't seen before so we'd recommend the same advice. You don't need to spend tens of millions on new products to stop all these pervasive threats. Just take that money and improve your basic security programme."

Steps such as improving access controls, auditing user accounts, monitoring those with privileged access and eliminating unnecessary data from systems can all help, he added.