Verizon has published its 2012 Data Breach Investigations Report. This year's report is the result of analysing 855 incidents and 174 million compromised records, and it represents a broader and more diverse geographical scope.
Some key points from the executive summary of the report:
Who is behind data breaches?
- 98% stemmed from external agents (+6%)
- 4% implicated internal employees (-13%)
- <1% committed by business partners (<>)
- 58% of all data theft tied to activist groups
How do breaches occur?
- 81% utilized some form of hacking (+31%)
- 69% incorporated malware (+20%)
- 10% involved physical attacks (-19%)
- 7% employed social tactics (-4%)
- 5% resulted from privilege misuse (-12%)
What commonalities exist?
- 79% of victims were targets of opportunity (-4%)
- 96% of attacks were not highly difficult (+4%)
- 94% of all data compromised involved servers (+18%)
- 85% of breaches took weeks or more to discover (+6%)
- 92% of incidents were discovered by a third party (+6%)
- 97% of breaches were avoidable through simple or intermediate controls (+1%)
- 96% of victims subject to PCI DSS had not achieved compliance (+7%)
Where should mitigation efforts be focused?
- Implement a firewall or ACL on remote access services
- Change default credentials of POS systems and other Internet-facing devices
- If a third party vendor is handling the two items above, make sure they've actually done them
- Eliminate unnecessary data; keep tabs on what's left
- Ensure essential controls are met; regularly check that they remain so
- Monitor and mine event logs
- Evaluate your threat landscape to prioritize your treatment strategy
- Refer to the conclusion of this report for indicators and mitigators for the most common threats
You can read the full report here