Recently, while attending a security conference in Dallas, Texas, I had the pleasure of meeting members of the Verizon team that compiles the now annual Verizon Business Data Breach Investigations Report.  Their presentation at the conference was one of the best and most informative sessions and was full of useful data for the analysis of data breaches.

Today, Verizon has released this year’s edition of the report – the 2009 Verizon Business Data Breach Investigations Report examining data breaches that occured in 2008.

In coming days I will take an in-depth look at the report, but to whet your appetite here are some significant findings.

In 2008, the financial industry accounted for 93% of the 285 million compromised records and the following conclusions can be drawn from those breaches:

• Most data breaches investigated were caused by external sources.
• Most breaches resulted from a combination of events rather than a single action.
• In 69% of cases, the breach was discovered by third parties.
• Nearly all records compromised in 2008 were from online assets.
• Roughly 20 percent of 2008 cases involved more than one breach.
• Being PCI-compliant is critically important.

Additionally, according to the report:

• “Eastern Europe is known as a notorious haven for organized cybercrime outfits which played a major role in breaches throughout 2008. We have a great deal of evidence that malicious activity from Eastern Europe is the work of organized crime. On the bright sight, efforts with law enforcement led to arrests in at least 15 cases (and counting) in 2008.”

To see today’s full announcement click –> here.