Security Experts:

Comparing Data Breaches Year over Year

Each year, security experts and IT experts take a hard look at the threats that dominated in years past in an effort to prepare for the future. While hacker groups and technology are evolving faster than ever, there are still trends we can spot if we take a far and wide enough step back to see the whole picture. The annual Verizon Data Breach Investigations report shines some holistic light on what’s been happening in the world of cybercrime. Here’s a look at the past two years of this report, summarizing the movement of threats and how they’ve changed between 2010 and 2011.

Isolating Threat Sources

External agents are now the biggest security threat, and much more powerful and prevalent than in years past. Companies of all sizes are wising up to how real security threats are, and taking measures internally to prevent breaches. More organizations are developing, auditing, and enforcing more encompassing internal security policies including more stringent electronic use policies covering mobile devices and further locking down remote access to sensitive data. Because of this, internal threats greatly decreased from 2010 at 12 percent, to 2011 at just 2 percent, leaving most recent data breaches occurring from external sources. 86 percent of data breaches were perpetrated by external sources in 2010, compared to 98 percent in 2011. Let’s not forget partners, whose systems integrations led to 2 percent of data breaches in 2010, but less than 1 percent in 2011. As attack trends change, it’s an advantage to know where most threats reside.

Data Breaches

Top Methods for Data Breaches

Hacking, malware, and a combination of the two are still the most dangerous and widespread types of tactics currently used that result in data breaches. Infection vectors in malware spiked 15 percent from 2010 to 2011, and are an added threat to watch out for more conscientiously. We know that threats come in an array of weapons, here’s how the numbers break down:

Hacking made up 50 percent of data breaches in 2010 and 81 percent in 2011 (increase of 31 percent). Malware was involved with 49 percent of breaches in 2010 but 69 percent in 2011 (increase of 20 percent). Within the Malware-related cases, the percent of infection vectors in 2010 was 80 percent and in 2011 it was a whopping 95 percent.

Again, organizations being more aware of threats have successfully reduced the number of internal and physical attacks, as they are both easier to prevent with security protocols in place. In 2010, 29 percent of breaches were a result of physical attacks, and that number dropped to just 10 percent in 2011. We can expect it to be even lower in 2012. Concurrently, privilege misuse comprised 17 percent of breaches in 2010, but just 5 percent last year.

Last year I wrote an article about social engineering. Indeed, social tactics remain and are ever increasing. Because of the prevalence of credential theft in 2011, statistics can be a little misleading in regards to social engineering. In 2010, they comprised 11 percent of breaches, but only 7 percent in 2011. It’s hard to say if that number will decrease in years to come. Social engineering and other social tactics tend to be more sneaky and hard to predict until it’s too late.

What’s Stayed The Same

Some things continue to elude us and other things we continue to not learn from. We are seeing that some attacks are becoming increasingly easier for hackers, but have been shown to be largely avoidable if proper precautions had been put in place. Here’s a snapshot of some security challenges that saw little to no change between 2010 and 2011.

• Victims of opportunity = 83% in 2010 / 79% in 2011

• Attacks that were not highly difficult = 92% in 2010 / 96% in 2011

• Avoidable by simple or intermediate controls = 96% in 2010 / 97% in 2011

• Victims subject to PCI-DSS had not achieved compliance = 89% in 2010 / 96% in 2011

• Both years, the hospitality industry was the most aggressively attacked, with the financial and insurance industries taking second place respectively.

• In 2010, 22 countries fell victim to data compromise and in 2011 this rose to 36 countries.

Breach containment on the rise

One piece of positive news is that more breaches were contained quickly in 2011 than in 2010. This shows that companies are better prepared to deal with data breaches than they were before, possibly as part of their security plans that include immediate reactive measures. 34 percent of breaches were contained within days of becoming known in 2010. In 2011, that rose to 42 percent.

Going forward, it’s important to remember the seriousness and implications of being breached. With the prevalence of data being stolen, security and data protection is on the forefront of everyone’s mind. It’s sometimes easy to become complacent and put off security tasks until “tomorrow.” It’s a bit unnerving to think that most, nearly all, of the breaches in recent years could have been prevented with simple security measures and countermeasures.

Related Reading: Analyzing The Verizon Breach Report

view counter
Chris Hinkley is a Senior Security Engineer at Armor where he maintains and configures network security devices, and develops policies and procedures to secure customer servers and websites. Hinkley has been with Armor (previously FireHost) since the company’s inception. In his various roles within the organization, he’s serviced hundreds of customer servers, including Windows and Linux, and overseen the security of hosting environments to meet PCI, HIPAA and other compliance guidelines.