Verizon Releases Data Breach Investigation Report - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Information Management
Commentary
6/18/2008
11:39 AM
Randy George
Randy George
Commentary
Connect Directly
LinkedIn
RSS
E-Mail
50%
50%

Verizon Releases Data Breach Investigation Report

The Verizon Business Investigative Response team recently released a report detailing the facts and figures associated with system breaches from more than 500 cases over the past 4 years. The report mostly contains obvious information regarding the who, what, where, and how of most data breaches, but it's worth reading. There were some pretty interesting statistics and factoids contained in the piece.

The Verizon Business Investigative Response team recently released a report detailing the facts and figures associated with system breaches from more than 500 cases over the past 4 years. The report mostly contains obvious information regarding the who, what, where, and how of most data breaches, but it's worth reading. There were some pretty interesting statistics and factoids contained in the piece.As I read through the report, here's what jumped out at me.

• 73% of data breaches resulted from external sources, including business partners.

• The Retail, Food & Beverage and Financial Services industries were disproportionate targets of data breaches, clearly due to their concentration and possession of personal credit card data.

• While 73% of data breaches came from outside sources, the damage done in terms of the number of records compromised paled in comparison with the damage done by internal attacks. The median number of records compromised by an internal job was 375,000.

• 80% of breaches were classified as low to medium in terms of difficulty to execute. Only 17% were deemed to be of a high difficulty to execute, which high difficulty being defined as needing specialized skills and resources in order to pull off the hack.

• 70% of the time, victims of breaches are notified by third parties. That's a pretty interesting fact, so what's the cause? Do IT shops lack the tools? Does the market lack an integrated, easy to manage offering to solve the problem? Are IT shops just not watching? I suspect all three are factors.

Here's the most shocking and alarming statistic for me: • 90% of breaches utilized exploits for which there was a patch available for at least 6 months. Now I won't claim to be the most diligent engineer when it comes to applying security patches to my servers, but if you get hacked using an exploit for which there's been a fix for 6 months, you, and I, have no one to blame but ourselves.

Want to read the full report? Follow this link.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
White Papers
More White Papers
Slideshows
IT Careers: Top 10 US Cities for Tech Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  1/14/2020
Commentary
Predictions for Cloud Computing in 2020
James Kobielus, Research Director, Futurum,  1/9/2020
News
What's Next: AI and Data Trends for 2020 and Beyond
Jessica Davis, Senior Editor, Enterprise Apps,  12/30/2019
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll