Menu
Study: Nearly 90% of data breaches avoidable

Study: Nearly 90% of data breaches avoidable

Nearly nine in ten data breaches could have been avoided by taking reasonable security measures, according to a new report.

Some 87 percent could have been prevented, according to Verizon Business' 2008 Data Breach Investigations Report, which made 500 forensic investigations of over 230 million records spanning four years. The report analyzed hundreds of corporate breaches, including three of the five largest ones ever reported.

This study also found that 73 percent of breaches resulted from external sources, against 18 percent from insider threats. Some 39 percent were attributed to business partners. Most breaches resulted from a combination of events rather than a single hack or intrusion.

Dr. Peter Tippett, vice president of research and intelligence for Verizon Business Security Solutions, urged businesses to be more proactive in their approach to security, and to keep better track of data. He added: "Security breaches and the compromise of sensitive information are very real and growing concerns for organizations worldwide."

In deliberate breaches, 59 percent were the result of hacking and intrusions, Verizon found. Of those, 39 percent were aimed at the application or software layer, compared to 23 percent that attacked the operating system.

Some 90 percent of known vulnerabilities exploited had patches available for at least six months prior to the breach.

Three quarters of breaches were discovered by a third party and had gone undetected for a lengthy period.

Verizon also warned that there was a growing worldwide black market for stolen data, especially in the retail and food industries, which accounted for more than half of all cases investigated. By contrast, financial services only accounted for 14 percent of breaches studied.

The report claims that data compromise is the easiest, safest and most lucrative way to steal the information necessary to commit identity fraud, which is a prime motivation for data breaches.

By breaking into restricted computer systems and compromising sensitive information stored within them, criminals are able to access systems that contain information on tens of thousands of victims versus just a handful through non-electronic means.

Businesses should take a range of simple actions to tackle breaches, the report said. It advised businesses to:

-- Align process with policy. In 59 percent of data breaches, businesses had security policies and procedures established for the system, but these measures were never implemented.

-- Create a data retention plan. With 66 percent of all breaches involving data that a company did not even know was on their system, it is critical that companies are aware of data flows and where they reside, Verizon said. It was important to identify data and prioritize its risk.

-- Control data with transaction zones. Network segmentation can help prevent, or at least partially mitigate, an attack, the report said.

-- Monitor event logs. In 82 percent of data breaches, evidence of events leading up to them had been available prior to actual compromise. Data logs should be continually and systemically monitored and responded to when events are discovered.

-- Create an incident response plan. If and when a breach is suspected, businesses must be ready to respond, not only to stop the data compromise but to collect evidence that enables them to pursue prosecution.

-- Increase awareness. Only 14 percent of data breaches were discovered by employees.

-- Engage in mock-incident testing. Running drills and testing peoples' abilities, judgements and actions during a mock crisis was crucial, Verizon said.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Events

Featured

Slideshows

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

This exclusive Reseller News Exchange event in Auckland explored the challenges facing the partner community on the cloud security frontier, as well as market trends, customer priorities and how the channel can capitalise on the opportunities available. In association with Arrow, Bitdefender, Exclusive Networks, Fortinet and Palo Alto Networks. Photos by Gino Demeer.

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security
Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomed 2019 inductees - Leanne Buer, Ross Jenkins and Terry Dunn - to the fourth running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing face of the IT channel ecosystem in New Zealand and what it means to be a Reseller News Hall of Fame inductee. Photos by Gino Demeer.

Reseller News welcomes industry figures at 2020 Hall of Fame lunch
Show Comments