Spyware, remote control tools and SQL injection are the most common types of cyber attacks against business, according to the latest report from Verizon Business.
Keyloggers and spyware accounted for 19% of data breaches in 2009, and remote control tools and SQL injection attacks were each involved in 18% of incidents.
The 2009 Data Breach Investigations Supplemental Report on the anatomy of data breaches, details 12 other popular attack methods.
The report is aimed at giving businesses greater insight into data breaches by detailing the attack methods and effective countermeasures.
Based on the 2009 Verizon Business Data Breach Investigations Report issued in April, the latest report includes warning signs and typical targets of attacks.
The original report analysed more than 90 forensic investigations involving 285 million compromised records.
The research team has received enquiries from companies around the world looking for more details of the attacks, said Peter Tippet, vice president of technology innovation at Verizon Business.
The supplemental report seeks to address requests for recommendations for deterring, preventing and detecting breaches, he said.
Incidents are rarely one-dimensional because they result from a series of actions both inside and outside the organisation, the report said.
There are usually multiple ways and chances to prevent attacks, the report said, but most businesses fail to act because they do not recognise the warning signs.
Data breach lessons
• You cannot detect everything
• You cannot prevent everything
• Striving for protection in any one control is inefficient
• Layer controls for superior effect and efficiency
• Controls that break the incident chain early are more efficient.