Those of us in the identity theft, information security and related fields, are always interested in the latest trends in data breaches. One such source of information is Verizon’s annual Data Breach Investigations Report (DBIR).

This report, otherwise known as the DBIR, gathers information from 70 different organizations who report on data breaches, including the Identity Theft Resource Center.  The report then examines the data breaches which have occurred throughout the past year and determines trends in the field.  Of course, the most important part of reading the report and learning about breaches of all sizes and types, is the fact we can use this information to better help consumers and businesses protect themselves. This year’s DBIR held many findings which will help define who needs to be the most concerned about data breaches and how they can protect themselves. 

Here a few of those findings:

  • It is estimated that the financial loss from data breaches covered in the DBIR was $400 million. You read that right and, yes, it is a lot of money. It is large numbers like this that are prompting companies who have long avoided creating a data breach incident plan to do so.  Companies, even small local businesses, are now being forced to look at how they are protecting the personal identifying information (PII) of their clients. In addition, consumers themselves are realizing how much of a pain, and potential expense, it can be if they are not careful about who they are letting have control of their own PII.
  • The ratio of internal to external threats remains relatively static. The DBIR shows that in the past five years of the study, internal threats and external threats only varied around 5%, with more than 80% of threats being external rather than internal. This information can show two things to those interested in how to protect from a data breach. First, you have a much higher risk from external threats than from internal threats.  However, many entities are completely unprepared for an internal threat, which leaves them at risk for an attack from an employee who may be disgruntled or being paid for their intrusion. Businesses must look at both risks to ensure they are protected.
  • One hour is all it took for nearly 50% of the recipients to open an email and click on phishing links.  In a test performed with their partner security firms, Verizon set up an experiment to see how quickly a phishing attack would spread and, therefore, how long a company or individual has to respond to this type of attack.  The fact that almost half of the phishing emails were opened within an hour of them being sent is bad news.  That means a faster spread rate and a larger breach.  There is a reason the name virus was given to this type of malware and that is because it spreads from one victim to the next making an exponential mess for anyone trying to stop it. The DBIR does note though that the best way to stop phishing attacks and protect against the is education and awareness, which can be easily undertaken.

The DBIR continues to remind us that data breaches are something everyone must be concerned about.  The constant adaptation of criminals to surpass security or adapt to new technology will ensure that businesses and consumers will not soon be free of the fear of data breaches.  Click here for full report