Enterprises have been warned to remain vigilant against cyber attacks, with criminals going after quality data in online breaches, rather than quantity.
Verizon's latest annual report, co-authored with the US Secret Service and Netherlands Police Agency, found the number of records compromised in data breaches fell from 144 million in 2009 to 4 million last year.
However, there were still 760 data breaches during 2010, the highest level recorded by the organisation.
According to the report, the contradiction between the low data loss and the high number of breaches stemmed from a significant decline in large-scale breaches, caused by a change in tactics by cyber criminals.
Verizon’s vice president of security and industry solutions, Peter Tippett, said in a statement that criminals were using unsophisticated methods to infiltrate organisations.
According to the report, outsiders were responsible for 92 per cent of breaches, an increase from last year's report.
"Although the percentage of insider attacks decreased significantly over the previous year (16 per cent versus 49 per cent), this is largely due to the huge increase in smaller external attacks," he said. "As a result, the total number of insider attacks actually remained relatively constant."
Hacking made up 50 per cent of attacks for the year, with weak and stolen passwords a common entry point for hackers.
Malware also remained an important point of infiltration at 49 per cent, often found to be sending data to an external appliance, opening backdoors, and key logging.
"Stolen passwords and credentials are out of control," said Tippett. "Failure to change default credentials remains an issue, particularly in the financial services, retail and hospitality industries."
For the first time, physical attacks, such as compromising automatic teller machines (ATMs), made up 29 per cent of all cases investigated.
Tippett said the best way to prevent data breaches was to use essential security practices such as focussing on security across all areas of the business.
"Many enterprises make the mistake of pursuing exceptionally high security in certain areas while almost completely neglecting others," he said.
"Businesses are much better protected if they implement essential controls across the entire organisation without exception."
He also recommended securing remote access servers and limiting access to sensitive information within the network as well as auditing user accounts.
"The best approach is to trust users but monitor them through pre-employment screening, limiting user privileges and using separation of duties."
In addition to online security, enterprises should also be aware of physical security such as ATMs and even gas pumps.
Got a security tip-off? Contact Hamish Barwick at hamish_barwick at idg.com.au