Cybercrime Report: Most Breaches Are Low-Tech

Most of the data breaches in 2012 were accomplished using tactics that don’t require much technological know-how, according to a recently released cyber security study conducted by Verizon.

The 2013 Data Breach Investigations Report claims that less than 1% of the compromises in the study used tactics rated as “high” on the VERIS difficulty scale, and 78% of the techniques were rated “low” or “very low.” Additionally, laptops, desktops and servers are the assets that are most vulnerable and were used in 69% of the attacks included in the study. More than two in five (41%) of the cases of misuse involved unapproved hardware, like handheld card skimmers and personal storage devices.

The individuals most likely to be involved in the data breaches were customer staff, such as cashiers and call center employers, and end users. Administrators were the third most likely to be involved, although in 60% of the cases, that involvement was accidental.

Another disturbing trend was the growing amount of time it takes for organizations to spot a breach. Nearly two-thirds (66%) of the breaches in the report took months or years to discover. That’s a 10 percentage point increase compared to 2011.

The report recommends organizations eliminate unnecessary data and track the data that remains; regularly check to verify controls are in place; analyze and share incident data and tactical threat intelligence to improve security; improve detection; measure number of compromises; apply security that is appropriate for your particular organization; and respect the tenacity of your adversaries as well as the ability of intelligence and the tools available to thwart attacks.

Read the full report.

Related Articles:

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century

This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!

Get Our Newsletters
Campus Safety HQ