Data Breach Risk Factors by Sector
Laptop Security Blog Data Breach Risk Factors by Sector
October 20th, 2008
Author: arieanna
In July, Verizon released a comprehensive study, the “2008 Data Breach Investigations Report”, that looked into 4 years of data breaches, based on forensic investigations and hundreds of data breaches. The report was discussed here on the blog. Verizon has now issued a supplemental analysis from that study.
The supplemental report compares risk factors among the various industries: finance, food, retail and tech. It identifies some important insights into the data, such as that, among all industries, the financial services industry is at the greatest risk of insider data breaches. In other sectors, business partners posed a higher risk to data.
“The supplemental report provides further insight into the nature of breaches, underscoring that good security does not lend itself to a cookie-cutter approach.” – Dr. Peter Tippett, vice president of research and intelligence, Verizon Business Security Solutions
The supplemental report indicates that financial service firms are the targets of more sophisticated attacks that often take weeks to discover. That said, financial organizations were shown to have a higher level of asset awareness and to detect breaches more quickly than other organization types. Breaches from lost systems, like laptops, tend to occur less frequently.
The data breach investigation report found that the majority of breaches could be avoided by reasonable security measures, so this supplemental report aims to help identify what industry-specific differences could lead to better proactive security measures.
Other key findings include:
- High-tech organizations: had a difficult time keeping track of information assets, affected by malicious insiders more than others, hacked more than others
- Retail: more data breaches than other sectors, wireless network attacks growing quickly, too reliant on third-parties to discover breaches, most attacks are opportunistic
- Food and beverage: many breaches involve third-party remote access to payment card data, poor security configurations are exploited, POS systems are used to spread malware, and breach detection is very poor
Resources:
And a fun piece of educational reading – spammers are more likely to use Obama than McCain in the subject line of spam emails [read here].
Via CSO Online, Information Week
Category: Security Policy, Surveys & Reports, Theft Prevention | 
2 Comments »
Anytime there is a notification of another data breach–which is essentially every day at this point–the details of the event tend to get washed away, and the breach is reduced to basically two pieces of information: the name of the victimized company and the number of records it lost. This leads to an assumption that all of these incidents are created equal, which is demonstrably not the case. Verizon Business on Thursday released a supplement to its June Data Breach Investigative Report, which shows that of all the breaches that the company’s security response team worked on from 2004 through 2007, the majority (62%) were caused by errors and not malware or direct attacks.
——————–
christina
Loads of breaches occur with laptops containing sensitive information being lost or stolen. People should really be more careful!