Verizon Data Incident Report – Peeling Back the Covers

Where the rubber hits the road for many in IT security is
the investigation of specific data breach incidents. So it is with the latest
report from the Verizon Business RISK Team, summarising their investigations
over the past year.

What is interesting about this report is the type of
incidents that were investigated—out of 150 incidents the team investigated 90
resulted in data being breached and over 285 million records were lost
exceeding the combined total for 2004–2007 inclusive.

Of course a word to the wise.

This data is from a specific incident response team and does
not represent a true picture of all security breaches, rather those in which
the team were engaged. This had lead to what I see as a skew in the results. In
particular, over 60% of breaches were in retail or financial services organisations
and the majority of breaches were from external sources.

This goes against the grain for me—I still maintain that
the biggest security threat we face is the inside user—albeit incompetent and
non-malicious as opposed to competent and malicious.

Whatever your thoughts are take a look at the paper, it
makes for interesting reading.