If you have never taken a close look at Verizon’s yearly Data Breach Investigations Report, we highly recommend that you do. It just came out and is, once again, a very informative read.
The Verizon Report received data breach incident information from 70 contributing organizations in 61 countries, which reported on 79,790 security incidents, representing 2,122 confirmed data breaches.
The Report confirms that the top three industries affected are the “same as previous years: Public, Information, and Financial Services.” But the conclusion is clear: “No industry is immune to security failures.”
The grim news is that attackers are able to compromise an organization “within minutes” 60% of the time. For the past two years, “more than two-thirds of incidents that comprise the Cyber-Espionage pattern have featured phishing.” (See the Partners HealthCare breach post above.) Almost 50% of individuals “open e-mails and click on phishing links within the first hour” of receiving them. The Report reiterates how important education and training are in helping your employees detect and mitigate phishing expeditions.
Interestingly, the Report indicates that mobile devices are “not a preferred vector in data breaches.” Remember, though, that this Report focuses on infiltration, not loss, so don’t take your eye off the mobile device ball.
The authors provide a new model for forecasting the cost of a data breach which is quite helpful. Take a look at the numbers on page 30 of the Report. They state that the numbers are given with a 95% confidence rate in the expected column, which shows the cost for 100 records at $25,450; 1,000 records at $67,480; 10,000 records at $178,960; 100,000 records at $474,600; 1,000,000 records at $1,258,670; 10,000,000 at $4,448,020; and 100,000,000 (e.g. Anthem) at $8,852,540.
Finally, the Report follows the 2014 Report by classifying incidents into 9 categories. This year the Report concludes that 29.4% of incidents were caused by miscellaneous errors; 25.1% by crimeware; 20.6% by insider misuse; 15.3% by physical theft/loss; 4.1% by web app attacks; 3.9% by denial of service; 0.8% by cyber-espionage; 0.7% by POS intrusions; and 0.1% by payment card skimmers.
Hats off to the guys at Verizon for their superb work every year on this Report. It is chock full of useful information and is a must-read for privacy and security professionals. Show them your support by reaching out to them at email@example.com. I just did.