Shared Infrastructure Greatly Aids In Data Breaches

According to a new report from Verizon Business, when organizations share infrastructures it greatly causes data breaches as has been observed in Australia during 2009.

The report tilted "Data Breach Investigations Report" was prepared jointly with the USSS (United States Secret Service) for 2009. Talking about its findings, Mark Goudie, managing principal of Verizon Business Investigative Response, APAC stated that data breaches resulting from customized and undetectable malware tended to shift to those that associated with shared infrastructure. ComputerWorld published this on July 28, 2010.

In a survey related to the report, respondents said that numerous attacks had occurred which arrived via irrelevant company websites. Consequently, clients' web infrastructure could subsequently be affected via shared files.

Furthermore, according to the report, well-planned criminals, who made unauthorized access and stole data, grabbed 85% of the entire lot during 2009, while 38% of all data hacks exploited login credentials that had been stolen.

Additionally, the report also disclosed that almost half (50%) of data intrusions related to user privilege misuse, 40% involved hacking, 38% employed malicious programs, 28% employed tactics of social engineering, while approximately 15% were physical assaults.

No data breach occurred which abused a patched security flaw. That proves that the most usual techniques of hacking i.e. stolen credentials, backdoors, and SQL injections abuse flaws whose patches are not readily available.

Meanwhile, Verizon further indicated that the majority of breaches, which originated offshore, emerged from East Asia, Eastern Europe and North America.

However, to remain safe from data hacks, specialists on computer security suggested that organizations needed to make their employees aware of Internet threats in the same way as they did of offline threats. Moreover, patches were essential towards safeguarding from accidental data leaks. Yet, the patches shouldn't restrict to merely those for operating systems, but must also cover those for ubiquitous applications like Adobe Flash and Acrobat. Further, the patches must be installed at the earliest.

Lastly, it's recommended that Australian enterprises shun utilizing shared infrastructures whilst accumulating, processing alternatively transferring data of sensitive nature, according to Goudie in an advice to companies wanting for ensuring self-defense against data breaches.

Related article: Short-lived Malware Attacks Changing the Web Threats Landscape

» SPAMfighter News - 8/9/2010