Most movies portray computer hackers as brilliant geniuses operating from the privacy of a dark basement, but the reality is neither as glamorous nor as harmless. A new study shows that most data breaches are facilitated by faulty code and configuration errors that make it easier for hackers to access a company's database.
The 2010 Data Breach Investigations Report, conducted by Verizon Communications and the U.S. Secret Service Agency, reveals that hackers are using vulnerabilities that are not fixed by vendor patches. These include stolen log-in information and back-door loopholes, rather than the methods that most security analysts watch out for.
As a result, the report revealed that 96 percent of the data breaches it examined would have been preventable had companies followed the security basics. Overall, the problem boiled down to computer analysts focusing on sophisticated security measures rather than checking log-in volumes and credentials.
"Weak or stolen credentials, SQL injection and data-capturing, customized malware continue to plague organizations trying to protect information assets. Cases involving the use of social tactics more than doubled and physical attacks like theft, tampering and surveillance ticked up several notches," the report said.
Regardless of why a data breach occurs, consumer advocates and government entities are urging companies to put measures in place that will better protect consumers' security. A proposed bill introduced by Senators Mark Pryor of Arkansas and John Rockefeller of West Virginia would require companies to provide consumers with two years of credit monitoring services, credit reports or "[another] service that enables consumers to detect the misuse of their personal information," in the event of a breach.
"Data security breaches can wreak havoc on people's lives, leading to identity theft and threatening families’ financial stability," Pryor said. "As more and more of our personal information is collected and stored online and on computers, we need to ensure that the businesses storing this information are keeping it safe and giving us quick warning if it falls into the wrong hands."
Most companies offer one year of credit monitoring services to consumers following a data breach, but they are not currently required by law to do so. Consumers can also sign up for credit monitoring on their own to keep better tabs on their credit file.