Commentary
How Organizations Get Hacked
Want a better idea of how organizations get infiltrated, including detailed synopsis of how many successful data breaches occur? Sit down with a copy of the just released Verizon Data Breach Investigations Supplemental Report and you'll get a great idea.Want a better idea of how organizations get infiltrated, including detailed synopsis of how many successful data breaches occur? Sit down with a copy of the just released Verizon Data Breach Investigations Supplemental Report and you'll get a great idea.This report, available here, goes into painful detail of what Verizon has determined to be the top 15 threats to data, along with actual (but confidential) examples of real-world breaches.
The data in this report is exactly the kind of help security managers need to help them design better budgets. They need to know what types of attacks are prevalent, successful, and how they work. For instance, while application-based attacks are still often overlooked, SQL-injection attacks accounted for 18% of all breaches, and were involved in 79% of lost records. That's a huge chunk of risk you might want to focus on.
More Security Insights
White Papers
- Mobile BI: Actionable Intelligence for the Agile Enterprise
- How To Regain IT Control In An Increasingly Mobile World - by BlackBerry
Reports
More >>Webcasts
- Outsourcing Security: What Every Potential Cloud Security Customer Should Know
- Maximize ROI with Database Consolidation onto Private Clouds
The top number of threat actions, out of 15, organizations suffered, in order, include keyloggers and spyware, backdoor or command/control malware, SQL injection, abuse of system access privileges, and unauthorized access of default credentials.
Some of the attacks with the least impact (but not no impact) in the report include phishing, brute-force hacking attacks, and physical theft of a data container. The report goes into considerable detail about the how the threats work, industries they typically target, where they come from, and steps that can be taken to mitigate the risks.
One of the most eye-opening data sets to come from the report is the finding that the vast majority of breaches stem from external sources, rather than from insiders. Verizon's data found 73% of all breach sources (that required disclosure) originated externally, while 18% where from insiders. That finding flies in the face of the message of many security vendors who cite insiders as the biggest threat.
Does that mean insiders aren't a significant threat? Certainly not. They account for one-fifth of the breaches studied - and a knowledgeable, well-positioned insider can do an enormous amount of damage. But that threat can't be mitigated at the expense of hardening systems from malware and application-based attacks.
Related Reading
 |
To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy. |
|
T-Shirt Giveaway: Each week we're selecting one great comment from our readers. The author of the comment will receive an InformaitonWeek Community t-shirt. So get posting! |
Subscribe to RSSResource Links
This Week's Issue
Technology Whitepapers
- Creating the Enterprise-Class Tablet Environment - by Yankee Group
- How To Regain IT Control In An Increasingly Mobile World - by BlackBerry
- The BlackBerry PlayBook tablet's Good Bones - by BlackBerry
- Red Alert: Why Tablet Security Matters - by BlackBerry
- New Visual and Wizard-Driven Paradigms for Exploring Data and Developing Analytic Workflows
Featured Resource
This is your portal to all the news, product information, technical data, and other information related to the topic of computer user authentication and certification. Visit us to find out how to ensure that computer users are who they say they are.
Learn More
