Data Breaches Easy To Avoid, Report Finds

A new report has found that while data breaches are declining, many incidents could be easily avoided.

Data breaches are on the decline, with the overall number of breaches investigated last year down from the previous year. This is according to communications giant Verizon’s 2010 Data Breach Investigations Report, produced in collaboration with the US Secret Service, which said the decline was “a promising” indication.

However, it seems that breaches of electronic records last year involved more insider threats, greater use of social engineering, and the continued strong involvement of organised criminal groups.

External Sources

The report found that most data breaches investigated were caused by external sources: sixty-nine percent of breaches resulted from these sources, while only 11 percent of breaches were linked to business partners.

The study said insiders caused 49 percent of breaches, an increase over previous report findings that Verizon said was primarily due to an expanded dataset and the types of cases studied by the Secret Service.

Many breaches involved privilege misuse, the report stated, with 48 percent of breaches attributed to users who, for malicious purposes, abused their right to access corporate information. An additional 40 percent of breaches were the result of hacking, while 28 percent were due to social tactics and 14 percent to physical attacks. The report said that, as in previous years, nearly all data was breached from servers and online applications, with 85 percent of breaches not considered highly difficult. It also found that 87 percent of victims had evidence of the breach in their log files, yet missed it.

“The reduction in breaches is a positive sign that we are gaining some ground in the fight against cybercrime,” said Verizon Business’ vice president of technology and enterprise innovation, Peter Tippett. “As we are able to share more information through the use of the VERIS security research framework to gather comparative security data such as the caseload of the Secret Service, we believe we will be even better equipped to arm organisations with best practices, processes, tools and services that will continue to make a difference.”

Data breaches continue to occur, according to the report, within all types of organisations. Financial services, hospitality and retail still make up the “Big Three” of industries affected (33 percent, 23 percent and 15 percent, respectively) in the merged Verizon-Secret Service dataset, though tech services edged out retail in Verizon’s caseload.

Sluggish Detection

A growing percentage of cases and a stunning 94 percent of all compromised records in 2009 were attributable to financial services. More than half of the breaches investigated by Verizon in 2009 occurred outside the United States, while the bulk of the breaches investigated by the Secret Service occurred in the United States. The report found no correlation between an organisation’s size and its chances of suffering a data breach.

The 2010 report concluded that being prepared remains the best defence against security breaches. “For the most part, organisations still remain sluggish in detecting and responding to incidents. Most breaches (60 percent) continue to be discovered by external parties and then only after a considerable amount of time,” the report concluded. “And while most victimised organisations have evidence of a breach in their security logs, they often overlook them due to a lack of staff, tools or processes.”