Here's a remarkable statistic: Among the more than 900 electronic records breaches that Verizon Business experts investigated last year, a whopping 96 percent could have been avoided if security basics had been followed.
That's right. Nearly all of these breaches could have been avoided; only 4 percent of the breaches analyzed required difficult and expensive protective measures. In addition, most victimized organizations (87 percent) had evidence of a breach in their security logs, but overlooked these red flags due to a lack of staff, tools or processes.
The new 2010 Verizon Data Breach Investigations Report, which for the first time was prepared in collaboration with the US Secret Service, is filled with other fascinating results, too, all of which offer some important perspective about the vulnerability of business data and the most effective approaches for mitigating cybercrime threats. For instance, the report also reveals that:
Stolen credentials were the most common way of gaining unauthorized access into organizations in 2009, pointing once again to the importance of strong security practices both for individuals and organizations.
Organized criminal groups were responsible for 85 percent of all stolen data last year.
Most breaches (60 percent) were discovered by external parties and then only after a considerable amount of time.
External sources were responsible for 69 percent of breaches; only 11 percent were linked to business partners. Insiders caused 49 percent of breaches, and while that's an increase over previous report findings, it's primarily due in part to an expanded dataset and the types of cases studied by the Secret Service.
Almost half (48 percent) of breaches were attributed to users who, for malicious purposes, abused their right to access corporate information. Another 40 percent of breaches were the result of hacking, while 28 percent were due to social tactics and 14 percent to physical attacks.
In addition to detailing the challenges of securing cyberspace today, the report also offers suggestions to mitigate data threats at your business. The list includes:
Restrict and monitor privileged users. According to the report, insiders, especially highly privileged ones, can be difficult to control. Use a "trust but verify" strategy that includes pre-employment screening, limited user privileges and separation of duties. Privileged use should be logged, and messages detailing that activity should be generated for management.
Watch for 'minor' policy violations. The study finds a correlation between seemingly minor policy violations and more serious abuse, suggesting that organizations should be wary of and adequately respond to all violations of an organization's policies.
Implement measures to thwart stolen credentials. Your top priority should be protecting your systems from credential-capturing malware. Consider two-factor authentication where appropriate. If possible, implement time-of-use rules, IP blacklisting and restricting administrative connections.
Monitor and filter outbound traffic. An organization that monitors, understands and controls outbound traffic can greatly increase its chances of mitigating malicious activity.
Change your approach to event monitoring and log analysis. The report shows that nearly all victims have evidence of the breach in their logs. Make sure there are enough people, adequate tools and sufficient processes in place to recognize and respond to anomalies.
Share incident information. Verizon believes the availability and sharing of information are crucial in the fight against cybercrime and the report commends all those organizations that take part in this effort, through such data-sharing programs.
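The time-of-use, IP blacklisting and restricted administrative connection rules recommended above can be applied as a review pass over authentication logs. The sketch below is an added example, not taken from the Verizon report; the log format, policy values, user names and addresses are all constructed assumptions.

```python
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Policy values are constructed for illustration, not from the report.
ALLOWED_HOURS = (time(7, 0), time(19, 0))       # time-of-use window
BLOCKED_NETS = [ip_network("203.0.113.0/24")]   # IP blacklist
ADMIN_NETS = [ip_network("10.20.0.0/24")]       # only subnet allowed for admin logins
ADMIN_USERS = {"root", "dbadmin"}

# Constructed sample log: timestamp, user, source IP, result
SAMPLE_LOG = """\
2010-08-02T09:14:03 alice 10.1.4.22 OK
2010-08-02T02:41:57 bob 10.1.4.87 OK
2010-08-02T10:05:11 dbadmin 10.1.4.22 OK
2010-08-02T10:07:45 dbadmin 10.20.0.5 OK
2010-08-02T11:30:00 carol 203.0.113.9 FAIL
not a log line
"""

def check_event(line):
    """Return the policy violations for one log line (empty list if none)."""
    parts = line.split()
    if len(parts) != 4:
        return ["unparseable"]
    try:
        ts = datetime.fromisoformat(parts[0])
        src = ip_address(parts[2])
    except ValueError:
        # Flag rather than skip: a line the reviewer cannot read is itself an anomaly.
        return ["unparseable"]
    user = parts[1]
    found = []
    if not (ALLOWED_HOURS[0] <= ts.time() < ALLOWED_HOURS[1]):
        found.append("outside-hours")
    if any(src in net for net in BLOCKED_NETS):
        found.append("blocked-ip")
    if user in ADMIN_USERS and not any(src in net for net in ADMIN_NETS):
        found.append("admin-from-unapproved-network")
    return found

def review(log_text):
    """Map 1-based line number -> violations, for every line that breaks a rule."""
    report = {}
    for n, line in enumerate(log_text.splitlines(), 1):
        violations = check_event(line) if line.strip() else []
        if violations:
            report[n] = violations
    return report

if __name__ == "__main__":
    for n, violations in review(SAMPLE_LOG).items():
        print(n, ", ".join(violations))
```

Successful logins are flagged as well as failed ones, since a stolen credential produces a valid login that only the time or source rule will catch.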
A complete copy of the "2010 Data Breach Investigations Report" is available at http://www.verizonbusiness.com/go/2010databreachreport/.