Verizon’s 2012 Data Breach Investigations Report

Don Miller

One of the goals for this blog is to provide our readers with periodic updates of events occurring in the world of secure/managed file transfer. One such event is the recent release of Verizon’s 2012 Data Breach Investigations Report (DBIR). (If you follow the link to the DBIR, please know it is a 92-page document so it may take some time to load). The DBIR reports a sharp increase in both the scope and extent of data breaches occurring around the world.

How big were the data breach problems in the past year? The answer is, in a word, “huge.” The DBIR estimates that more than 855 incidents occurred worldwide in 2011. The number of compromised records as a result of these incidents “skyrocketed” to 174 million, from just 4 million a year earlier. That’s right; we said 174 million compromised records! No doubt everyone can recall recent examples of such data breaches, some involving large commercial and governmental entities.
The DBIR found that most of the attacks were perpetrated by external hacking (up 31% from the previous year), and most were easily preventable.

The research found the following “commonalities” among the incidents:
• 97% of breaches likely were avoidable by implementing relatively rudimentary controls.
• 96% of attacks were not highly difficult to accomplish.
• 94% of compromised data was stored on a server computer.
• 92% of incidents were discovered by a third party.
• 85% of breaches took weeks, or even months to discover.

And the cybercriminals are attacking more sensitive, high-value targets. According to the DBIR, “[m]ainline cybercriminals continued to automate and streamline their method du jour of high-volume, low-risk attacks against weaker targets. Much less frequent, but arguably more damaging, were continued attacks targeting trade secrets, classified information, and other intellectual property.”

So what do the DBIR findings mean for you and your business? Business data is undergoing exponential expansion in terms of volume, proliferation of formats, and the speed at which it flows in and out of the organization. Thus, businesses need to secure their transfers of business data, both internally and externally, and must focus on processes, policies, and technologies that address threats to such transfers.

If you’re unsure of your organization’s exposure to such data security risks, you can send a confidential email to requesting a free 60-minute consultation. In addition, you may be interested in reviewing the data security features present in our bTrade Secure software solution. bTrade Secure offers multiple secure transfer protocols, including those most IT professionals prefer—SFTP, FTPS and HTTPS—as well as industry-leading encryption algorithms to safeguard sensitive data. In addition, our security module has been certified by the National Institute of Standards and Technology (“NIST”) under its Federal Information Processing Standard (“FIPS”) 140-2. The FIPS 140-2 standard is an information technology security accreditation program for cryptographic modules produced by private sector vendors who seek to have their products certified for use in government departments and regulated industries (such as financial and health-care institutions) that transmit and store sensitive information.