Verizon Business Releases Results of Security Breach Analysis
Verizon Business has released the results of a forensic study into the cause of corporate data breaches. The 2008 Data Breach Investigations Report covered incidents over four years, 500 separate investigations and 230 million records. The key findings include that 73% of breaches arose from external sources—which includes 39% (and trending upwards) attributed to business partners, with 18% identified as arising from insider threats. 62% were attributed to significant internal errors contributing to the breach. Of deliberate data breaches, 59% arose from hacking and intrusions to the network. Of these hack attacks, 39% targeted the applications or software layer with the Operating System targeted by 23% of attacks. Only 25% exploited known or unknown vulnerabilities—of which 90% had had a patch available for six months prior to the breach. 75% of breaches were also only discovered by a third party and had gone undetected for a significant period of time. There were regional differences in the type of attack with Asia, particularly China and Vietnam compromising data with application exploits, "defacements" largely originated from the Middle East while Eastern Europe and Russian attacks were associated with compromising point of sale system attacks.
Significance: Verizon Business notes that many companies have security policies but these are not implemented at a procedural level. Unknown data is often stored in disparate locations on the network and pointers to arising or completed attacks are often missed through lack of awareness. Security features are being built into networks at the hardware level and carriers increasingly offer them as features, including offering managed services but awareness and internals systems are still vital to control networked data security.