Almost every security incident and data breach recorded during 2013 can be traced back to a series of basic threat types or 'patterns', many of which are specific to industry sectors, Verizon's bellwether 2014 Data Breach Investigations Report (DBIR) has concluded.
The firm's latest report - the result of input from an unprecedented 50 organisations in 95 countries - offers this as a nugget of hope for a business world hit by a surge in data breach incidents that reached record proportions during the year.
This DBIR crunched numbers from 1,367 confirmed breaches and 60,437 security incidents, uncovering nine basic patterns that seemed to lie at the root of almost every data loss event. These were point-of-sale intrusions, web app attacks, insider misuse, lost or stolen devices, miscellaneous/employee error, crimeware (malware), payment card skimming, DDoS, and last but not least, cyber-espionage.
While these categories are not new, Verizon's hugely expanded DBIR analysis is the first to relate specific types of incidents to real data breaches and reported incidents, in the process discovering something that security experts have long suspected but never been able to prove: every enterprise is vulnerable to a subset of these security threats, but which subset will depend on an organisation's type of business.
For confirmed breaches, the commonest single cause was web app attacks (e.g. exploitation of software flaws and the use of credentials stolen through online bank phishing) on 35 percent, ahead of cyber-espionage on 22 percent and point-of-sale (POS) intrusions on 14 percent. The data is striking: seven out of ten real-world data breaches were caused by just these three underlying attack vectors, well ahead of card skimmers on 9 percent and insider misuse on 8 percent.
Finance led the way in terms of breaches with 465, with the public sector second on 175 (a figure inflated by notification laws that compel disclosure), retail third with 148, and accommodation fourth on 137.
When looking at overall security incidents (which might or might not have led to breaches), a surprising number involved employees, with miscellaneous staff errors first on 25 percent, crimeware (i.e. malware) second on 20 percent, insider misuse third on 18 percent and physical loss fourth on 14 percent.
If this sounds a bit convoluted, the takeaway is that organisations should draw a distinction between attacks that merely cause security incidents and ones likely to lead to actual breaches. Which attacks are likely to lead to breaches will vary widely by sector.
For a finance organisation this means defending against phishing and authentication/web app attacks, payment card skimmers and DDoS attacks designed to take down portals. By contrast, for retail the threat is overwhelmingly about stopping POS attacks and DDoS. As to another breach-prone sector, healthcare, the major issue could be insider abuse and data theft.