Mistakes, not insiders, to blame for most breaches

2008 was a banner year for security breaches, according to new research from Verizon. And while many security vendors have been banging the drum about the threat of malicious insiders, this report indicates organizations should be more wary of outside attacks.

The “2009 Verizon Business Data Breach Investigations Report,” released this week finds that hackers continue to intensify and sharpen their efforts to steal sensitive data. In fact, more electronic records were breached in 2008 than the previous four years combined.

The study’s authors said the upswing is fueled by a targeting of the financial services industry and a strong involvement of organized crime. Corporations fell victim to some of the largest cybercrimes ever during 2008, noted the report

The findings debunk the motion that insiders account for the biggest threat to security in most organizations and instead finds that 74 per cent resulted from external sources. Only 20 per cent were caused by insiders.

The study, the second annual conducted by Verizon, is based on data analyzed from Verizon Business’ actual caseload comprising 285 million compromised records from 90 confirmed breaches. The financial sector accounted for 93 per cent of breaches, and a staggering 90 per cent of these records involved groups identified by law enforcement as engaged in organized crime.

The research authors also noted that the investigation found most breaches were avoidable. Nearly nine out of 10, 87 per cent, were considered avoidable through simple or intermediate controls. A staggering 81 per cent of victims were not Payment Card Industry (PCI) compliant.

Another finding that may surprise some is that 99.9 per cent of records were compromised through servers and applications, not from user sources often associated with data leaks, such as desktop PCs and mobile phones.

Highly sophisticated attacks accounted for only 17 per cent of breaches and 83 per cent of attacks were considered to be what Verizon termed as “not highly difficult” to pull off.

However, the study authors also note that while the per centage of sophisticated attacks was small, they accounted for 95 per cent of the total records breached.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now