Basic defenses absent at most breached sites

Despite rising concerns that cyberattacks are growing more and more sophisticated, hackers used relatively simple methods for 97% of data breaches in 2011, according to a report compiled by Verizon.

The findings suggest that organizations are overlooking basic precautions even as they buy new security systems. Verizon also found that in 80% of attacks, hackers hit so-called victims of opportunity -- poorly defended sites that happen to catch their eye -- rather than targeting specific companies.

Based on investigations into over 850 data breaches, the report was compiled with help from the U.S. Secret Service and with input from law enforcement agencies in the U.K., the Netherlands, Ireland and Australia, according to Verizon.

For the first time, attacks by so-called " hacktivist" groups such as Anonymous breached more records -- over 100 million -- than did hackers looking specifically to steal financial or personal data.

Often, the breached companies lacked firewalls, had ports open to the Internet or used default or easy-to-guess passwords, said Marc Spitler, a Verizon security analyst.

All told, he said, "it is about going back to basic security principles."

This version of this story was originally published in Computerworld's print edition. It was adapted from an article that appeared earlier on

Read more about security in Computerworld's Security Topic Center.


Copyright © 2012 IDG Communications, Inc.

It’s time to break the ChatGPT habit
Shop Tech Products at Amazon