Monday, September 27, 2010

Verizon 2010 Data Breach Investigations Report Discussion

 Verizon 2010 Data Breach Report PDF

The 2010 Data Breach Investigations Report is an analysis of data from actual breach cases worked on by Verizon and the US Secret Service. The results of the report should be required reading for all IT professionals as well as anyone interested in the current state of corporate data breaches, IT security and cyber-crime.

The 2010 dataset includes 141 breach cases worked in 2009 by Verizon and the US Secret Service. The number of data records compromised in these cases is over 143 million. The sheer volume of data provides a solid set for analysis.
Over the next few weeks, in related posts, we will discuss some of the report's main points.

Demographics of Data Breaches

Out of the 141 confirmed cases, the top three industries, based on breach incidents, are Financial Services, Hospitality and Retail. Not surprisingly, 94% of all compromised records were attributed to Financial Services. It is concluded that the financial services industry has the highest-value information and also the largest volume of high-value information. The Hospitality and Retail industries are increasingly targeted because of their Point of Sale systems and consumers' reliance on payment cards. The number of breaches for the Hospitality and Retail industries will only increase as more electronic data is transacted and stored. It is up to these industries to adopt more stringent policies for protecting their customers' data.

Geographically, the U.S. has the highest number of reported data breaches. This is not surprising given the vast number of international and domestic financial transactions taking place daily in the U.S. The authors of the report also highlight a key reason for the number of reported U.S. cases:
“The reason we hear more about data breaches in the U.S. stems from mandatory disclosure laws. Outside the U.S. breach disclosure differs significantly. Some countries are still silent on the matter, others encourage it but don’t require, and some even discourage disclosure. (9)”
The report notes that in the past two years the international caseload has increased consistently in Asian-Pacific and Western-European countries.

U.S. businesses are responsible for large amounts of confidential information. As the report points out, much data breach risk can be removed by establishing usage policies that are proactive and constantly maintained. This requires constant support from each person in the organization, as a chain is only as strong as its weakest link.

All information sourced from  Verizon 2010 Data Breach Report PDF
