E-mail
Niamh Hayes, Marketing Advisor, PixAlert

DATA BREACH – DRILL DOWN

The annual Verizon Data Breach Investigations Report reveals a holistic light on what’s been happening in the world of breach over the past twelve months. A review of the report over the last two years goes further to evaluate shifts in trends and threats during 2010 and 2011.  Annually, security experts take a step back to take a hard look at threats and developments that have emerged in an effort to prepare and brace for the future.

Identifying Threat Sources

External sources appear to be the biggest security threat and are more prevalent than in previous years. Companies of all sizes seem to be finally heeding to the reality of security threats by taking necessary measures internally to prevent breaches and reduce risk.  More organisations are developing, auditing, and enforcing comprehensive internal strategies including a more stringent approach to user policies in order to lock down access and protect sensitive and unsecured data.  With the rise of more efficient security structures, internal threats have decreased from 12% in 2010 to 2% in 2011.  86% of data breaches were perpetrated by external sources in 2010, compared to 98% 2011.

Methods of Data Breaches

Hacking, malware, and a combination of the two are still the most widespread types of tactics used that result in data breaches. Infection vectors in malware spiked 15% from 2010 to 2011, and are an added threat to watch out for more conscientiously.

  • Hacking accounted for 50% of data breaches in 2010 compared to 81% in 2011 (+31 %).
  • Malware attributed to 49% of breaches in 2010 against 69 % in 2011 (+20%).

Again organisations appear to have become more aware of threats by putting the necessary security protocols in place with a reduction in the number of internal and physical attacks.  In 2010, 29% of breaches were a result of physical attacks, this dropped to just 10% in 2011 and is expected to be lower again 2012. Concurrently, privilege misuse comprised of 17% of breaches in 2010, but just 5% in 2011.

A snapshot of some security challenges that saw little to no change between 2010 and 2011:

  • Victims subject to PCI-DSS had not achieved compliance - 89%: 2010 / 96%: 2011
  • During 2010/11, the hospitality industry was the most aggressively attacked, with financial and insurance industries taking second place respectively.
  • Victims of opportunity -  83%: 2010 / 79%: 2011
  • Attacks that were not highly difficult - 92%: 2010 / 96%: 2011
  • In 2010, 22 countries fell victim to data compromise, this increased to 36% in 2011 to 36 countries.

Effective Breach Containment

On a more positive note, breaches were contained quicker in 2011 - 34% of breaches were contained within days of being known in 2010 while this rose to 42% in 2011 which shows that companies are becoming better prepared to deal with breaches through more efficient security planning and reactionary measures.  

Looking ahead, it’s important to remember the seriousness and implications for an organisation once it has experienced a breach. With the prevalence of data being stolen and lost, security and data protection is at the forefront of business agendas.  What’s evident from this latest review is that prevention is better than cure and it appears that the general mind set is shifting in its approach to protecting sensitive data. It’s also a bit unnerving that most of the breaches in recent years could have been prevented with simple security measures and countermeasures.  In an effort to develop a more comprehensive approach to minimising data risk and improve security measures, businesses need to consider the following proactive components to data protection:

-          Enterprise visibility to understand and identify data entities that contribute to risk threats and vulnerabilities

-          Ability to take required action to classify, remediate and consistently protect valuable data

-          Continuous monitoring through automated risk assessment and review

Through adapting a broader based security practice with an ongoing process of auditing to ensure that critical data assets and procedures are continuously evaluated, risks can be minimised and valuable information efficiently safeguarded against the threat of breach. 

About PixAlert

PixAlert deploy world-class scalable enterprise data audit solutions enable organizations to discover, classify and protect unsecured, critical data across enterprise-wide network helping businesses to manage risk, improve security processes and maintain compliance standards. For more information contact This e-mail address is being protected from spambots. You need JavaScript enabled to view it

 Original Article Sources:

-          SC Magazine

-          Verizon Data Breach Investigations Report

-          Network World

Incidences of Recent Data Breach Incidents

Major breaches of PII in the past few years have included:

  • Heartland Payment Systems had 130 million payment records compromised.
  • TJX Companies had 94 million transactions compromised.
  • Sony experienced two significant breaches, the first impacting 77 million and another where 25 million people were affected.
  • U.S. Department of Veterans Affairs had the data of 26 million people compromised.
  • A former employee of the South Carolina Dept. of Health and Human Services was arrested after allegedly downloading the personal information of more than 228,000 Medicaid beneficiaries.
  • The Tricare Military Health program and its Business Associate, Science Applications International had a breach which impacted almost five million individuals.
 

© Copyright PixAlert 2011 - Company Registration Ireland: 307665

Sitemap 

Pixalert USA | Pixalert UK | Pixalert Ireland | Pixalert Blog

Follow Pixalert on Twitter Pixalert on Linkedin
 SEO and Webdesign by Organic SEO Ireland