HIGHLIGHTS OF THE 2013 VERIZON DATA BREACH INVESTIGATION REPORT

The 2013 Verizon Data Breach Investigation Report is now available.  As in past years, the Report provides useful information regarding trends in data breaches, and tips for protecting your company.  The following are highlights from the Report:

1. SOURCE OF INFORMATION FOR THE REPORT

Verizon receives information from 19 global organizations, including law enforcement agencies, national incident reporting entities, research institutions, and private security firms.  They analyzed over 47,000 security incidents from 27 countries.

2. WHAT TYPES OF COMPANIES ARE THE SUBJECT OF CYBER ATTACKS?

In a word, “all.”  Approximately 75% of cyber attacks are opportunistic, which means they are not targeted at a specific individual or company.  If you have weak security, you are a target of opportunity, regardless of your size or industry.

The vast majority of cyber attacks are financially motivated.  Most of these attacks originate in the U.S. or Eastern Europe, particularly Romania, Bulgaria, and the Russian Federation.  State affiliated espionage attacks account for 19% of all attacks.  Most of these come from East Asia.

3. WHO ARE THE PERPETRATORS?

The Report found that 86% of attacks do not involve employees or insiders.  My sense is that insider attacks are the least likely to be reported.  Therefore, the frequency of insider attacks and employee-caused breaches might be higher than 14%.   It is not a surprise that over 70% of IP theft by insiders occurred within 30 days of them announcing their resignation.

A perfect example of companies being victims of their own weak security, is the finding that 50% of security incidents by insiders were the result of former employees using old accounts or back doors that were not disabled.  How difficult is it for a company to disable the access of former employees, and make sure they are locked out of the company network?  Evidently, for some companies it was more difficult than one might think.

4. MANY BREACHES ARE STILL EASILY PREVENTED

Perpetrators are always looking for new ways to breach systems.  At the same time, however, the majority of attacks still use techniques that require little or no skill, resources, or customization.  On a difficulty rating scale, 78% of attacks fell in the low, or very low category.

The bad news for this statistic is that a breach using simple technology can be just as devastating as a breach that requires a high level of technological sophistication.  The good news is that the low level breaches are easier to protect against.

5. WILL YOU KNOW WHEN YOU HAVE BEEN BREACHED?

Eventually, you will probably become aware of a breach, but it might take awhile.  In 66% of the cases studied, the breach was not discovered for months, or even years.  In 22% of the cases it took months to contain the breach, once it was discovered.

Discovery of the breach was also problematic.  In 69% of the cases, the breach was spotted by someone outside the company.  In 9% of the cases, the breach was spotted by a customer!

The biggest takeaway from the Verizon Report is that a little goes a long way when it comes to data security.  You do not have to spend a zillion dollars to institute the latest IT security in an effort to become “breach-proof.”  Interventions such as employee training, data retention and destruction, and data access systems are easy, and relatively inexpensive.  Think about all the companies that lost data because an ex-employee still had access to the system.  How easy and inexpensive would it have been to terminate access the moment the employee quit, or was fired.

If you would like to review the full Verizon 2013 Data Breach Investigations Report, you can find it at verizonenterprise.com/DBIR/2013.