Verizon Releases Data Breach Investigations Report

Analysis of worldwide security incidents offers key recommendations to protect sensitive data.

April 24, 2014

NEW YORK – Verizon released its 2014 Data Breach Investigations Report earlier this week, a comprehensive analysis that incorporates feedback from 50 companies around the world.

“Data security should matter to you … because when you suffer a breach of any kind … the impact is company-wide,” begins the report’s executive summary.

The report distilled analyses from 63,000 security incidents around the world, including 1,367 confirmed data breaches. It classifies nine incident patterns that nearly all industries are likely to face:

  1. Miscellaneous errors: 49% of mistakes involved printed documents
  2. Crimeware: The majority of crimeware incidents start via web activity
  3. Insider and privilege misuses: 85% used the corporate LAN
  4. Physical theft and loss: 43% happened at work
  5. Web app attacks: often target platforms like Wordpress
  6. Denial of Service attacks: attacks overwhelm an organization’s systems and applications with malicious traffic
  7. Cyber-espionage: attacks increased three-fold year-over-year
  8. POS intrusions: 85% took weeks to discover
  9. Payment card skimmers: 87% of these attacked an ATM and 9% attacked gas pumps

The report’s key recommendations include:

  • Be vigilant: Look through log files and change-management system for warnings.
  • Make your people your first line of defense: Educate staff about best practices.
  • Distribute data on a need-to-know basis: Limit access to sensitive data.
  • Patch promptly: A well-configured IT environment can help eliminate vulnerabilities.
  • Encrypt sensitive data.
  • Use two-factor authentication to limit the damage that can be done with stolen credentials.
  • Don’t neglect physical security: Monitor computers, payment terminals and gas pumps.
Advertisement
Advertisement
Advertisement