90% of exploited vulns had patches available for over 6 months

Interesting report from Verizon that a friend sent me.

Verizon Business Data Breach Investigations Report - The 2008 Data Breach Investigations Report offers an objective view of data breaches directly from the casebooks of their Investigative Response team. More than 230 million records compromised over the four-year period are represented – including about a quarter of publicly disclosed data breaches.

Verizon analyzed thousands of data points from over 500 investigations worldwide – including many never publicly reported. Here are just a few of their findings:

* 87% of cases could have been avoided with basic security measures.

* 66% of cases involved a system that the organization did not even know contained sensitive data.

* 39% of the breaches involved business partners.

* Breaches involving partners increased five-fold from 2004.

Data Breaches

* 73% resulted from external sources

* 18% were caused by insiders

* 39% implicated business partners

* 30% involved multiple parties

How the breaches occurred

* 62% were attributed to a significant error

* 59% resulted from hacking and intrusions

* 31% incorporated malicious code

* 22% exploited a vulnerability

* 15% were due to physical threats

What commonalities exist?

* 66% involved data the victim did not know was on the system

* 75% of breaches were not discovered by the victim

* 83% of attacks were not highly difficult

* 85% of breaches were the result of opportunistic attacks

* 87% were considered avoidable through reasonable controls

“2004 through 2007, 90% of the vulnerabilities exploited (leading to a breach) had patches available for at least 6 months prior to the incident”
