Data breaches increasingly caused by hacks, malicious attacks

A study by Ponemon Institute found that malicious and criminal attacks were …

A new study of data breaches has found that criminal and malicious attacks accounted for 37 percent of corporate data breaches in 2011, a six percent rise from 2010. The study, performed by Ponemon Institute and sponsored by Symantec, also found that these attacks were much more costly to companies than breaches caused by software or hardware failures or by internal negligence.

The study followed 49 organizations over the course of 2011, surveying over 400 IT, compliance and security professionals associated with them. While the research showed that the average cost to companies per compromised customer record had dropped to its lowest point since 2006—$194 per record—the cost of records lost through criminal and malicious acts was much higher, averaging $222 per record.

This is the first time since 2007 that criminal activity has accounted for more than a third of data breaches in Ponemon Institute's survey. More than two-thirds of malicious attacks were achieved through some sort of electronic exploit—only 28 percent involved the physical theft of data storage devices. Trojans, botnets and other malware were at the root of half of criminal and malicious data breaches reported by the companies surveyed. Corporate websites were breached through SQL injection in 28 percent of the cases reported.

The study also found that 33 percent of criminal and malicious breaches involved insiders—meaning that in at least five percent of criminal breaches, an employee or contractor either installed malware intentionally or otherwise purposely exposed corporate data. Those figures, the Institute's researchers wrote in their report, show that companies still need to pay greater attention to addressing the insider threat.
