Digital Identity Blog

Thought leadership for cybersecurity, fraud and digital channel professionals

Verizon 2012 Data Breach Investigations Report Bears Out Why ThreatMetrix Offers the Most Complete Solution for Protecting Against Corporate Security Breaches

By ThreatMetrix
ThreatMetrix®, The Digital Identity Company®, is the market-leading cloud solution for authenticating digital personas and transactions on the Internet. Verifying more than 20 billion annual transactions supporting 30,000 websites and 4,000 customers globally through the ThreatMetrix Digital Identity Network®, ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches.

Yes, Verizon, we can hear you now. And those of you responsible for security at your respective companies might want to listen too, because this is an exhaustive study: the 2012 Data Breach Investigations Report (DBIR). That’s exhaustive, not exhausting, though it runs 78 pages and you might want a break now and then.

The study was done by the Verizon RISK Team in cooperation with the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting and Information Security Service, Police Central e-Crime Unit, and United States Secret Service.

In addition to what it called “mainline cybercriminals,” this broadly based study touched on the effects of the Arab Spring, Occupy protests and hacktivism. “Doubly concerning for many organizations and executives was that target selection by these (hacktivist groups) didn’t follow the logical lines of who has money and/or valuable information. Enemies are even scarier when you can’t predict their behavior.”

Another area of great concern was the “continued attacks targeting trade secrets, classified information, and other intellectual property.”

The study pointed out that 2011’s 855 incidents and 174 million compromised records made it “the second-highest data loss total since (DBIR started) keeping track in 2004.”

Ninety-eight percent of the breaches were the result of external attacks either by organized crime, hacktivist groups or others. And breaches were most often the result of hacking and malware:

  • 81 percent utilized some form of hacking (up 31 percent)
  • 69 percent incorporated malware (up 20 percent)
  • 10 percent involved physical attacks (down 19 percent)
  • 7 percent employed social tactics (down 4 percent)
  • 5 percent resulted from privilege misuse (down 12 percent)

Perhaps not surprisingly, the study found that 79 percent of the victims were targets of opportunity. “Most victims fell prey because they were found to possess an (often easily) exploitable weakness rather than because they were pre-identified for attack.”

One thing to note is that 85 percent of breaches took weeks or more to discover, and 92 percent of incidents were discovered by a third party.
