8 May 2012

International data breach report flags alarming trends

A report by Verizon highlights some extremely troubling trends in the types of data breaches occurring around the globe and in how organizations of all sizes are failing to adequately respond to new threats.

Verizon studied 855 breaches in 2011 involving organizations in 36 countries and compromising over 174 million records. Those figures are alarming in themselves.  But just as concerning are some of the statistics drawn from an analysis of these incidents.  Consider:

  • 98 percent of breaches examined in the report stemmed from external agents, notably organized criminals, but also an increasing number of activist groups.  Meanwhile, only 4 percent of breaches involved internal employees.
  • Hacking was linked to the vast majority of incidents – 81 percent.  As well, increasingly invasive malware was used in 69 percent of the breaches.
  • Most breaches were avoidable, with Verizon’s experts concluding that 96 percent of the attacks were not highly sophisticated.
  • Almost all of the firms involved – 96 percent – were non-compliant with the Payment Card Industry Data Security Standard.
  • Organizations also seemingly had trouble detecting breaches – 92 percent of incidents were discovered by a third party, and typically only weeks or months after the breach occurred.

The report is eminently readable and even occasionally funny (who knew there was a “Sesame Street” method of detecting data breaches?).

It also includes a point-of-sale security tip sheet that anyone can cut out and distribute to the stores, restaurants and other businesses they frequent. There are more detailed mitigation strategies at the end of the report.

The report raises some fundamental questions about whether organizations – despite all the warnings and growing evidence of the risks – are taking data protection responsibilities and security standards seriously.

5 Responses

Halifax Dogs Says:

Wait a minute. Isn’t this a little like an entity investigating itself? I mean Verizon sells data services, am I missing something? Sounds like glass houses and the whole throwing stones game.

Matthew Philips Says:

Increased fines are soon to be available to some national regulators, on a new sliding scale of up to €1 million, or up to 2% of a company’s overall global turnover for serious cases, which might make business think a little harder!

Brian Mannax Says:

In Australia we are almost daily reading of data breaches in corporates. In particular banks and telecom companies. The interesting thing is that these companies don’t follow up with apologies or discounts, they just move on. We have an ‘ombudsman’ who handles consumer complaints but these rarely go anywhere. Probably a two prong approach (against the hacker and against the company) might bring more positive action!

JD Says:

Ya it’s crazy how many breaches I have heard regarding information and sensitive information. This needs to be a high priority for the government. I think we are relying more and more on electronics without thinking of the consequences of something bad happening.

The Global Epidemic of Data Security Breaches - iPost Blog - Conducting Business Around the Globe and Secure Content Management Says:

[…] conducted by Verizon studied 855 breaches involving organizations across 36 countries, in 2011. Over 174 million records were compromised in these data security breaches. Your document security has to be able to handle the slings and arrows of hacker attacks and data […]
