Startling findings in Verizon Data Breach Report
The 2008 Data Breach Report (PDF) just published by Verizon Business has come up with some unexpected findings. Most dramatically, only 22 per cent of breaches in Verizon's sample resulted from exploitation of a vulnerability, and 80 per cent of those vulnerabilities were known and had patches available at the time of the attack. The service provider reckons that 78 per cent of the breaches included in the sample would still have occurred if systems had been fully patched as soon as a patch was available.
Overwhelmingly, Verizon found that outsiders were the greatest threat – 73 per cent of all breaches were triggered from beyond the perimeter. However, individually, outsiders had the least impact, at least in terms of records exposed. The 18 per cent of insider breaches compromised ten times as many records. Partners accounted for 39 per cent of breaches, with about double the impact of the outsiders. A disturbing 30 per cent involved multiple parties.
Fifty-nine per cent of breaches resulted from "hacking" and intrusion, but 62 per cent were down to human error. Eighty-five per cent were found to be opportunistic. Worryingly, Verizon suggests that about 75 per cent of all data breaches go unnoticed by the victim and 87 per cent would have been preventable by applying basic security measures.