External threats coming from partner organisations pose a massive risk to corporate data security, according to a detailed report examining five hundred forensic data investigations by Verizon Business.
The Verizon report analyses hundreds of corporate data breaches, including three of the top five largest ever reported, and found that while threats from insiders were the most devastating in terms of impact, the greater number of data breaches attributable to partner companies made them a greater risk factor.
While external (outside the organisation) attacks were far more common (possibly because 90% of known internet vulnerabilities exploited had patches available for at least six months prior to the breach), the relative damage of these attacks was found to be a lot lower.
“Business partners were involved in around 39% of the data breaches handled by our investigators,” the investigation states.
“In a scenario witnessed over again, a remote vendor’s details were compromised, allowing an external attacker to achieve top levels of access to the victim’s computer systems.”
A typical method of a partner security breach, explained Verizon Business’s director of investigative response, Bryan Sartin, involves an organised crime ring approaching employees in call centres or support jobs, and saying ‘if you don’t like your job or your boss, this is the solution’.
It is a difficult system to crack and fairly safe for criminal organisations because “the person behind it is a pawn”. And despite being easily controllable through good access control (Photo ID Cards) on behalf of the outsourcing business, “nine out of 10 victims of partial insider security breaches believe they have unsurmountable controls on the partial insider connection. Sometimes they don’t even know where the data is stored,” he says.
“In around 70% of cases it’s a third party that informs the company, usually banks, law enforcement or customers. The business is usually caught unaware when it finds out. Often we don’t even need specialised forensic tools because the answers are in the data logs in black and white.”
Unexpectedly, the retail and food and beverage industries accounted for over half of the investigations conducted. Financial firms accounted for another 14% of investigations, while technology services, including software companies, data warehousing firms and telecommunication companies, take up 13% of cases.
Sartin says criminals are turning to easier targets as financial companies become more secure, choosing the path of lowest resistance.
Restaurant attacks are becoming increasingly common, he warns.
“If two out of three customers complaining of fraud attended the restaurant in the third week of December, we go and ask the proprietor if someone stole the bowl of business cards that was kept on the counter. They often say, ‘How did you know about that?’,” he explains, adding that matching credit card numbers to business cards allows a criminal to develop a valuable picture of the victim’s identity.
“You would expect attacks to be getting more sophisticated,” says Verizon’s manager principal of forensics Matthijs van der Wel, “but from a criminal’s point of view it’s easier to go for the soft target.”
The report comes as stockbroker Merchant Securities was fined £77,000 by the Financial Services Authority for employing inadequate data security controls to protect sensitive customer information, including asking them about holidays and hobbies to identify customers over the phone.