The 2015 Data Breach Investigations Report, just released by Verizon, continues to adopt the methodology of nine common threat patterns, as well as expanding into discussions of threats from mobility and the Internet of Things (IoT) and the financial impact of a data breach.This year’s report looked at 12 terabytes of data, combining data from 70 organizations, 79,790 security incidents from 61 countries, as well as 2,122 confirmed data breaches.
For the first time, the 2015 DBIR examines incidents in which endpoint devices are used as an entry point to compromise other systems. For example, the report states that two-thirds of incidents that compromise the cyber-espionage pattern have featured phishing:
“The user interaction is not about eliciting information, but for attackers to establish persistence on user devices, set up camp, and continue their stealthy march inside the network."
Verizon has put forth a new estimation for the financial impact of a data breach, including variabilities for the type of lost record (credit card, medical health record, etc) and the total number of records compromised. This new model predicts that a breach affecting 10 million records will fall between $2.1 million and $5.2 million in 95% of breach incidents, though could range up to $73.9 million. These costs escalate for even larger data breaches.
Insights from the report include:
As we have postulated, cyberattacks come from many different vector points. It only takes one missing device, one use of insecure WiFi, one compromised password, one click of a phishing email (and so forth) to compromise the entire corporate network. BYOD, mobility, the cloud, the IoT—all of these trends increase the exposure and potential risk of a data breach. Focusing solely on protecting the network to prevent cyberattack would leave organizations at risk for cyberattack from insecure endpoint devices.
The DBIR shows that organizations can make substantial improvements in their security positioning to reduce the number of security incidents that happen each year. Simple steps such as rolling out patches, which can now be automated with Absolute Manage, to making your employees your first line of defense, encrypting data (and proving encryption with Absolute Computrace), and including physical security can go a long way to preventing many data breaches.
Absolute Software is proud to work with Verizon as a Technology Alliance Partner. Together, we provide simplified business processes to customers who use Absolute solutions and Verizon wireless, allowing customers to save administrative time and resources.