Software // Information Management
Commentary
6/18/2008
11:39 AM
Randy George
Randy George
Commentary
Connect Directly
LinkedIn
RSS
E-Mail
50%
50%
Repost This

Verizon Releases Data Breach Investigation Report

The Verizon Business Investigative Response team recently released a report detailing the facts and figures associated with system breaches from more than 500 cases over the past 4 years. The report mostly contains obvious information regarding the who, what, where, and how of most data breaches, but it's worth reading. There were some pretty interesting statistics and factoids contained in the piece.

The Verizon Business Investigative Response team recently released a report detailing the facts and figures associated with system breaches from more than 500 cases over the past 4 years. The report mostly contains obvious information regarding the who, what, where, and how of most data breaches, but it's worth reading. There were some pretty interesting statistics and factoids contained in the piece.As I read through the report, here's what jumped out at me.

• 73% of data breaches resulted from external sources, including business partners.

• The Retail, Food & Beverage and Financial Services industries were disproportionate targets of data breaches, clearly due to their concentration and possession of personal credit card data.

• While 73% of data breaches came from outside sources, the damage done in terms of the number of records compromised paled in comparison with the damage done by internal attacks. The median number of records compromised by an internal job was 375,000.

• 80% of breaches were classified as low to medium in terms of difficulty to execute. Only 17% were deemed to be of a high difficulty to execute, which high difficulty being defined as needing specialized skills and resources in order to pull off the hack.

• 70% of the time, victims of breaches are notified by third parties. That's a pretty interesting fact, so what's the cause? Do IT shops lack the tools? Does the market lack an integrated, easy to manage offering to solve the problem? Are IT shops just not watching? I suspect all three are factors.

Here's the most shocking and alarming statistic for me: • 90% of breaches utilized exploits for which there was a patch available for at least 6 months. Now I won't claim to be the most diligent engineer when it comes to applying security patches to my servers, but if you get hacked using an exploit for which there's been a fix for 6 months, you, and I, have no one to blame but ourselves.

Want to read the full report? Follow this link.

Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.