After a post I did yesterday, (If Cybercriminals are Focusing on PIN's, Shouldn't Someone Be Focusing on Security?) some numbers kept sticking in my head.
Now I'm no statistician, but I was playing with those numbers in my head and came up with an interesting thought...which led to a question which I pose below...
First the numbers:
1. 93% of breaches were targeted at the financial sector: (Last year Verizon investigated 90 breaches with 285 million records stolen, of which 93% were accounted for by the financial sector...)
2. 92% of breaches are software related... - TowerGroup
3. 90% of breaches were committed by organized crime syndicates - Verizon
4. PIN's are the new focus of cybercriminals - "Organized crime was responsible for (90%) nine in 10 breaches, with an explosion of attacks targeting PIN data" - Verizon
So...here's my question...first, I asked myself, if PIN's are the new focus of cybercriminals... if 93% of breaches occur at Financial Institutions and 92% are software related (with "organized crime" being responsible for 90% of the attacks) then...
"Organized Crime Syndicate?"
Anybody Want to Take an Educated Guess?
Finally I'll make this last promise or take a lunch bet with anyone...that once software PIN goes live, within a month an FTP site will arise with user's PAN and PIN numbers.
I One-Hundred-Percent (100%) guarantee it.
More electronic records were breached in 2008 than the previous fouryears combined, according to a report published today by VerizonBusiness Systems.
This second annual study -- based on data analyzed from VerizonBusiness' actual caseload comprising 285 million compromised recordsfrom 90 confirmed breaches -- revealed that corporations fell victim tosome of the largest cybercrimes ever during 2008, the company said.
The financial sector accounted for 93 percent of all suchrecords compromised last year, and a staggering 90 percent of theserecords involved groups identified bylaw enforcement as engaged in organized crime.
Verizon Business investigative experts found, as they did inthe company's first report covering 230 million compromised recordsfrom 2004 to 2007, that nearly nine out of 10 breaches were consideredavoidable if security basics had been followed. Most of the breachesinvestigated did not require difficult or expensive preventivecontrols.
(Click any graphic to enlarge)