Cybercrime Report: Most Breaches Are Low-Tech

Published: April 24, 2013

Most of the data breaches in 2012 were accomplished using tactics that don’t require much technological know-how, according to a recently released cyber security study conducted by Verizon.

The 2013 Data Breach Investigations Report claims that less than 1% of the compromises in the study used tactics rated as “high” on the VERIS difficulty scale, and 78% of the techniques were rated “low” or “very low.” Additionally, laptops, desktops and servers are the assets that are most vulnerable and were used in 69% of the attacks included in the study. More than two in five (41%) of the cases of misuse involved unapproved hardware, like handheld card skimmers and personal storage devices.

The individuals most likely to be involved in the data breaches were customer staff, such as cashiers and call center employers, and end users. Administrators were the third most likely to be involved, although in 60% of the cases, that involvement was accidental.

Another disturbing trend was the growing amount of time it takes for organizations to spot a breach. Nearly two-thirds (66%) of the breaches in the report took months or years to discover. That’s a 10 percentage point increase compared to 2011.

——Article Continues Below——

Get the latest industry news and research delivered directly to your inbox.

The report recommends organizations eliminate unnecessary data and track the data that remains; regularly check to verify controls are in place; analyze and share incident data and tactical threat intelligence to improve security; improve detection; measure number of compromises; apply security that is appropriate for your particular organization; and respect the tenacity of your adversaries as well as the ability of intelligence and the tools available to thwart attacks.

Read the full report.

Related Articles:

Posted in: News

ADVERTISEMENT
ADVERTISEMENT
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series