Verizon Gives Us the Lowdown on Data Breaches
It’s time to wrap up Cybersecurity Month with a look at Verizon’s latest Data Breach Investigations Report, an extensive, thoroughly researched annual analysis of common cyberthreat patterns and data breaches of all types. On the download page for the full 70-page report, you’ll also find a three-minute video wrap-up, a short SlideShare presentation aimed at answering your common data breach questions (this leads into an hour-and-twenty-minute webinar), a spiffy infographic, and a bunch of additional resources, so there’s something for everyone’s attention span or learning style here.
A major thrust of the report is to remind us that cybersecurity has moved from being an IT department concern to an overall business imperative. As we all know, security breaches can ruin customer trust and also affect revenues.
Top Takeaways from the Data Breach Investigations Report
Here are some of the unsettling statistics from the Verizon report:
- The cost of a data breach can be as low as 9¢ per record but as high as $254 per record, and while the average cost is 58¢ per record, it is important to note that some large companies and organizations can have records as numerous as 100 million.
- An alarming finding is that it is actually taking businesses longer these days to detect that there has been a breach. Verizon found that in a quarter of all cases, it took the victim days or even months to realize there had been an attack.
- While 7 million security vulnerabilities existed in 2014, fortunately, 97 percent of all incidents came from just 10 main vulnerabilities.
- While you might think that most vulnerabilities would be of very recent origin, shockingly, the greatest number of vulnerabilities in Verizon’s findings came from 2007, a full seven or eight years later. What’s depressing here is that patches have existed for many of these older vulnerabilities for years, and yet, organizations don’t have the fixes in place. In some data breaches that Verizon investigated, patching solutions had existed since 1999.
- Millions of threats exist, but the Data Breach Investigations Report has been able to distill them into nine major categories for organizations to address:
- Denial-of-service attacks
- Insider and privilege misuse
- Miscellaneous errors
- Payment card skimmers
- Physical theft and loss
- Point-of-sale intrusions
- Web application attacks
- Of the nine categories above, four categories—crimeware, insider and privilege misuse, miscellaneous errors, and physical theft and loss—account for 90 percent of breaches, and all four of those involve human error or misuse.
- Despite what you might think, mobile devices are not currently a big source of malware compromise—less than 0.03 percent of mobile devices suffer a malware incident each year.
- Users are still being taken in by phishing attacks big-time, with 23 percent opening phishing emails and 11 percent opening phishing attachments. And, cyberattackers are getting more sophisticated in their phishing schemes, using them to deliver malware that can affect whole systems within an organization.
While the Internet of Things has been making news, along with concerns about potential security threats associated with it, for now, it is what Verizon calls “familiar foes” that are dogging us: phishing attacks, misuse of credentials, and new types of malware.
Knowledge is empowerment when it comes to cybersecurity and risk management, so make a promise to download and read the Data Breach Investigations Report, especially if you are interested in helping your company or organization combat cybercrime. You might even want to become trained in security or cybersecurity, and Cisco is ready to help you with that.
And, let us know in the Comments section below where you are seeing the biggest security threats in your day-to-day operations.
Gary Pfitzer is a content manager at Learning@Cisco, focused on bringing various aspects of today's IT journey to light through business papers, blogging, customer success stories, and other writing.