Verizon boosts Australian data-breach team

Verizon Business has tripled the size of its Australian data-breach investigations team to handle a growing number of breaches in Asia-Pacific.

Today it launched its Data Breach Investigations report based on global customer data and information last year from the US Secret Service, the arm of government that dealt with protecting that nation's financial systems from fraud and cybercrime.

More than half of the 100 cases investigated by Verizon last year were outside the US; 57 were data breaches.

Including 84 of Secret Service's data-breach cases last year, the report covered more than 143 million compromiseed data records.

Verizon noted that details of about two-thirds of cases in its report would never be disclosed because disclosure was not mandatory in many countries.

Although data breaches had declined, Verizon found its investigations last year were "quite large and complex", involving many parties, countries, related incidents and assets.

Its Asia-Pacific managing principal of Investigative Response, Mark Goudie, told iTnews that its Australian team grew 300 percent between 2008 and 2009.

Declining to disclose figures for competitive reasons, Goudie said Verizon relocated staff from other regions to Australia, making this the biggest team in the region.

He blamed the arrest and conviction of US hacker Albert Gonzalez for driving some cybercrime away from the US towards Asia-Pacific about last September.

"Almost straight away, computer crime in the US seemed to stop," Goudie said. "There was a significant uprising in computer crime and attacks in the APAC region at that time."

Hackers sought "anything they can convert into currency or can help with organized crime" - including personally identifiable information and payment card data, he said.

Australia's small, online retailers with up to 100 employees were found to be especially susceptible because hackers targeted "low-hanging fruit", with limited security capabilities, he said.

But even big, data-rich organisations in financial services, hospitality and retail industries fell folly to attacks that Verizon considered avoidable "if security basics had been followed".

iTnews has reported data breaches at Atlassian and StGeorge Bank during the past year. According to an August 2009 survey by the Ponemon Institute, two in three Australian organisations experienced a serious data breach that year.

"In most cases, it's the little things - a web server or system being out of date - the attackers are just looking for the one weak link," Goudie said.

Although 87 percent of data breach victims had evidence of the breach in their log files, 61 percent relied on a third party to discover the breach.

Malicious insiders, privilege misuse and social engineering tactics were blamed for 49, 48 and 28 percent of breaches, respectively, although Verizon noted that results could be skewed by the types of cases studied by the Secret Service.

Patchable vulnerabilities ceased to be an issue but SQL injection, stolen credentials, backdoors and customised malware were on the rise.

An otherwise secure company was caught out by sharing payment infrastructure with another, less secure company on the same web server, Goudie said.

Verizon had not detected increased risks in cloud computing or virtualisation although Goudie said it was "looking quite closely" at these areas.

"There are walls in between virtualised machines," he said. "We have not seen any links [between the technologies and increased data breach occurrences]."

Verizon's top data breach preparation tips for Australian organisations

1)  Use a firewall to filter outbound and inbound data.

2)  Ensure that servers never prompt an internet connection.

3)  Improve discovery-response times with usage logs.

4)  Ensure systems are current and there were no weak links.

5)  Prepare to handle compromised systems.