Data Breach Study Spanning 500 Break-Ins Released
Dr. Jim Anderson writes "The good folks over at Verizon Business have released a report that summarizes what they've found after looking through 500 forensic investigations involving 230 million records, and analyzes hundreds of corporate breaches including three of the five largest ones ever reported. What did they find? How about (1) Nearly nine in 10 corporate data breaches could have been prevented had reasonable security measures been in place, (2) Fewer than 25 percent of attacks took advantage of a known or unknown vulnerability and (3) attacks from Asia, particularly in China and Vietnam, often involve application exploits leading to data compromise, while defacements frequently originate from the Middle East."
Yeah, it's really not clearly worded, is it?
I assume they mean "software/hardware vulnerability", and that the other 75% are people doing stupid things - "human vulnerabilities" or even "policy vulnerabilities". It's interesting in itself though that 75% of the attacks are due to, presumably, direct human error and nothing to do with the data being on computer.
So when your bank next releases your details, don't accept an explanation. Most probably, someone who works there did something incredibly stupid and deliberate, rather than they got hacked or outwitted.
Here is a link to the actual report (PDF): http://www.verizonbusiness.com/resources/security/databreachreport.pdf
I quickly scanned the report and it appears to be quite detailed. Definitely required reading for any CxO!