The overall number of breaches investigated in 2009 declined year on year, which the US Secret Service described as 'positive'.
The data breach investigations report from Verizon, conducted alongside the US Secret Service, found that breaches of electronic records last year involved more insider threats, greater use of social engineering and the continued strong involvement of organised criminal groups. However it called the reduction in investigations a positive thing.
The report pointed to the arrest of Albert Gonzalez, who pleaded guilty to helping to run a global ring that stole hundreds of millions of payment card numbers and who was sentenced last year to 20 years in prison, as a reason for the decline in investigations.
It said that the decline in the overall number of data breaches may be due to a number of factors, including 'law enforcement's effectiveness in capturing criminals'.
Peter Tippett, vice president of technology and enterprise innovation at Verizon Business, said: “The reduction in breaches is a positive sign that we are gaining some ground in the fight against cyber crime.
“As we are able to share more information through the use of the VERIS security research framework to gather comparative security data such as the case load of the US Secret Service, we believe we will be even better equipped to arm organisations with best practices, processes, tools and services that will continue to make a difference.”
The report also found that stolen credentials were the most common way of gaining unauthorised access into organisations in 2009, with organised criminal groups responsible for 85 per cent of all stolen data last year. Also, only four per cent of breaches assessed required difficult and expensive protective measures.
It also concluded that being prepared remains the best defence against security breaches. It found that for the most part, organisations remain sluggish in detecting and responding to incidents and most breaches (60 per cent) continue to be discovered by external parties, even then only after a considerable amount of time.
Tippett said: “This year we were able to significantly widen our window into the dynamic world of data breaches, granting us an even broader and deeper perspective. By including information from the US Secret Service caseload, we are expanding both our understanding of cyber crime and our ability to stop breaches.”
Michael Merritt, US Secret Service assistant director for investigations, said: “The Secret Service believes that building trusted partnerships between all levels of law enforcement, the private sector and academia has been a proven and successful model for facing the challenges of securing cyber space.
“It is through our collaborative approach with established partnerships that the US Secret Service is able to help expand the collective understanding of breaches and continue to augment our advanced detection and prevention efforts.”