Where the rubber hits the road for many in IT security is the investigation of specific data breach incidents. So it is with the latest report from the Verizon Business RISK Team, summarising their investigations over the past year.
What is interesting about this report is the type of incidents that were investigated: out of 150 incidents the team investigated, 90 resulted in data being breached, and over 285 million records were lost, exceeding the combined total for 2004–2007 inclusive.
Of course, a word to the wise.
This data is from a specific incident response team and does not represent a true picture of all security breaches, but rather those in which the team were engaged. This has led to what I see as a skew in the results. In particular, over 60% of breaches were in retail or financial services organisations and the majority of breaches were from external sources.
This goes against the grain for me—I still maintain that the biggest security threat we face is the inside user—albeit incompetent and non-malicious as opposed to competent and malicious.
Whatever your thoughts are, take a look at the paper; it makes for interesting reading.