Study: Nearly 90% of data breaches avoidable

Study: Nearly 90% of data breaches avoidable

Nearly nine in ten data breaches could have been avoided by taking reasonable security measures, according to a new report.

Some 87 percent could have been prevented, according to Verizon Business' 2008 Data Breach Investigations Report, which made 500 forensic investigations of over 230 million records spanning four years. The report analyzed hundreds of corporate breaches, including three of the five largest ones ever reported.

This study also found that 73 percent of breaches resulted from external sources, against 18 percent from insider threats. Some 39 percent were attributed to business partners. Most breaches resulted from a combination of events rather than a single hack or intrusion.

Dr. Peter Tippett, vice president of research and intelligence for Verizon Business Security Solutions, urged businesses to be more proactive in their approach to security, and to keep better track of data. He added: "Security breaches and the compromise of sensitive information are very real and growing concerns for organizations worldwide."

In deliberate breaches, 59 percent were the result of hacking and intrusions, Verizon found. Of those, 39 percent were aimed at the application or software layer, compared to 23 percent that attacked the operating system.

Some 90 percent of known vulnerabilities exploited had patches available for at least six months prior to the breach.

Three quarters of breaches were discovered by a third party and had gone undetected for a lengthy period.

Verizon also warned that there was a growing worldwide black market for stolen data, especially in the retail and food industries, which accounted for more than half of all cases investigated. By contrast, financial services only accounted for 14 percent of breaches studied.

The report claims that data compromise is the easiest, safest and most lucrative way to steal the information necessary to commit identity fraud, which is a prime motivation for data breaches.

By breaking into restricted computer systems and compromising sensitive information stored within them, criminals are able to access systems that contain information on tens of thousands of victims versus just a handful through non-electronic means.

Businesses should take a range of simple actions to tackle breaches, the report said. It advised businesses to:

-- Align process with policy. In 59 percent of data breaches, businesses had security policies and procedures established for the system, but these measures were never implemented.

-- Create a data retention plan. With 66 percent of all breaches involving data that a company did not even know was on their system, it is critical that companies are aware of data flows and where they reside, Verizon said. It was important to identify data and prioritize its risk.

-- Control data with transaction zones. Network segmentation can help prevent, or at least partially mitigate, an attack, the report said.

-- Monitor event logs. In 82 percent of data breaches, evidence of events leading up to them had been available prior to actual compromise. Data logs should be continually and systemically monitored and responded to when events are discovered.

-- Create an incident response plan. If and when a breach is suspected, businesses must be ready to respond, not only to stop the data compromise but to collect evidence that enables them to pursue prosecution.

-- Increase awareness. Only 14 percent of data breaches were discovered by employees.

-- Engage in mock-incident testing. Running drills and testing peoples' abilities, judgements and actions during a mock crisis was crucial, Verizon said.

Follow Us

Join the newsletter!

Error: Please check your email address.



Bumper channel crowd kicks off first After Hours of 2018

Bumper channel crowd kicks off first After Hours of 2018

After Hours made a welcome return to the channel social calendar with a bumper crowd of partners, distributors and vendors descending on The Jefferson in Auckland to kick-start 2018. Photos by Gino Demeer.

Bumper channel crowd kicks off first After Hours of 2018
Looking back at the top 15 M&A deals in NZ during 2017

Looking back at the top 15 M&A deals in NZ during 2017

In 2017, merger and acquisitions fever reached new heights in New Zealand, with a host of big name deals dominating the headlines. Reseller News recaps the most important transactions of the Kiwi channel during the past 12 months.

Looking back at the top 15 M&A deals in NZ during 2017
Kiwi channel closes 2017 with After Hours

Kiwi channel closes 2017 with After Hours

The channel in New Zealand came together to celebrate the close of 2017, as the final After Hours played out in front of a bumper Auckland crowd.

Kiwi channel closes 2017 with After Hours
Show Comments