Data breaches: it's criminals again

The majority of data breaches and almost all data stolen (98 per cent) is the work of criminals outside the victim organisation. That's according to the 2010 Data Breach Investigations Report (PDF) published by Verizon Business last week.

In this third annual report, the first to include data on financial crimes provided by the US Secret Service, the lessons are all too familiar. Overall, some 85 per cent of the attacks were considered not especially difficult. In the vast majority of cases there was evidence of the breach right there in the victims' system logs. Yet in 61 per cent of cases the victims didn't know about the breach until they were notified by third parties.

On Patch Monday this week, Stilgherrian speaks with one of the report's authors, Mark Goudie, who heads up the forensics practice for Verizon Business Asia-Pacific in Melbourne.

In other security news, Adobe announced that it will adopt Microsoft's model of sharing information about software vulnerabilities with security vendors before making public announcements — the Microsoft Active Protections Program (MAPP).

Jerry Bryant from Microsoft's Trustworthy computing team explains why they want to end the arguments about "full disclosure" of vulnerabilities versus "responsible disclosure", and work under this new model of "coordinated vulnerability disclosure".

Patch Monday also includes Stilgherrian's random look at some of the week's IT news headlines.

To leave an audio comment for Patch Monday, Skype to stilgherrian, or phone Sydney 02 8011 3733.

Running time: 24 minutes, 22 seconds.