Verizon Business has released the “2008 Data Breach Investigations Report” that spans four years and more than 500 forensic investigations. It includes analysis of three of the five largest corporate breaches ever reported.
Key findings in the report indicate that 87 percent of all security breaches were avoidable through reasonable security measures.
Other key findings include:
- Most data breaches investigated were caused by external sources. Thirty-nine percent of breaches were attributed to business partners, a number that rose five-fold during the course of the period studied.
- Most breaches resulted from a combination of events rather than a single action. Sixty-two percent of breaches were attributed to significant internal errors that either directly or indirectly contributed to a breach. For breaches that were deliberate, 59 percent were the result of hacking and intrusions.
- Of those breaches caused by hacking, 39 percent were aimed at the application or software layer. Attacks to the application, software and services layer were much more commonplace than operating system platform exploits, which made up 23 percent. Fewer than 25 percent of attacks took advantage of a known or unknown vulnerability. Significantly, 90 percent of known vulnerabilities exploited had patches available for at least six months prior to the breach.
- Nine of 10 breaches involved some type of “unknown” including unknown systems, data, network connections and/or account user privileges. Additionally, 75 percent of breaches are discovered by a third party rather than the victimized organization and go undetected for a lengthy period.
- In the modern organization, data is everywhere and keeping track of it is an extremely complex challenge. The fundamental principle, however, is quite simple – if you don’t know where data is, you certainly can’t protect it.
The Verizon Business Security Solutions investigative experts offer these recommendations for enterprises:
- Align process with policy. In 59 percent of data breaches, the organization had security policies and procedures established for the system, but these measures were never implemented.
- Create a data retention plan. With 66 percent of all breaches involving data that a company did not even know was on their system, it’s critical that an organization knows were data flows and where it resides. Identify data and prioritize its risk to the organization.
- Control data with transaction zones. Investigators concluded that network segmentation can help prevent, or at least partially mitigate, an attack. In other words, wall off data when and where appropriate.
- Monitor event logs. Evidence of events leading up to 82 percent of data breaches was available to the organization prior to actual compromise. Data logs should be continually and systemically monitored and responded to when events are discovered.
- Create an incident response plan. If and when a breach is suspected, the organization must be ready to respond, not only to stop the data compromise but to collect evidence that enables the business to pursue prosecution when necessary.
- Increase awareness. Only 14 percent of data breaches were discovered by employees of the victimized organization, even though employees are the first line of defense in safeguarding data. Educate them to be aware.
- Engage in mock-incident testing: Making sure employees are well-trained to respond to a breach. Run drills and test people’s abilities, judgements and actions during a mock crisis.
For more information download the complete report in PDF format here.