Hacking involved in most data breaches, according to report

Out-Law News | 10 Sep 2013 | 5:31 pm | 1 min. read

Most data breach incidents involve some form of hacking, according to a new report.

In its 2013 Data Breach Investigations Report, Verizon said that it had analysed more than 47,000 reported security incidents last year and found 621 "confirmed data disclosures" where at least 44 million records had been "compromised". More than half of the 621 data disclosures involved hacking, it said.

"52% of breaches affecting all organisations involved hacking," the report said. "That figure changes to 72% of small organizations and 40% of large organisations."

Malware was present in 40% of the data disclosure cases Verizon identified, whilst "weak or stolen credentials" helped enable "network intrusions" in 76% of all the cases. Financial motives were the predominant single driver behind data breaches, whilst 71% of cases involved the targeting of user devices, Verizon said.

In most cases (69%), breaches were identified by external parties, such as internet service providers, rather than the organisation experiencing the breach, it said. Breaches took months to uncover in two thirds of the cases, it added.

Verizon said that businesses can help combat the threat of data breaches by eliminating "unnecessary data" and by "keep[ing] tabs on what's left". It said companies should "collect, analyse and share incident data" and "tactical threat intelligence" to help improve the effectiveness of their systems security and improve the chances of detecting crime.

"Without deemphasising prevention, focus on better and faster detection through a blend of people, processes, and technology," Verizon recommended.

"Regularly measure things like 'number of compromised systems' and 'mean time to detection' in networks. Use them to drive security practices," it added.

Verizon also said that companies should not view security solutions as "one-size fits all" and should instead monitor for threats specific to their business in order to tailor a "treatment strategy".