Verizon recently released its 2013 Data Breach Investigations Report. Like the previous year's report, which we discussed earlier, it attempts to provide insight into the nature of data breaches to help with organizational planning.
The 2013 report looks at 621 confirmed data breaches affecting more than 44 million compromised records. It explores more than 47,000 security incidents drawn from 19 organizations spanning 27 countries. As with previous reports, the established threats continue to plague organizations and shouldn't be ignored. The report shows that assets (laptops, desktops and servers), not applications, are the most at risk, so IT security shouldn't shift its focus entirely to new risk vectors.
Highlights from the report:
Many data breaches are avoidable. Many are the result of unintentional human error, as Verizon notes:
"It’s not just elaborate actions that have serious implications. While most breaches are deliberate, many involve an unintentional element. Taking information home, copying data onto a USB drive, attaching the wrong file to an email or sending it to the wrong person, or leaving a laptop in a cab can all lead to a data breach."
Though there are more attacks by outsiders, the results of insider actions can be just as damaging. Insiders may not be maliciously causing harm, but careless actions can have huge consequences. Data breach prevention should focus not only on the unknown, but also on the education of employees, on user access controls and on GRC of the endpoint. Read additional recommendations in the full report here.