Most data breaches discovered too late, study says

Many companies only learn of breaches when notified by third party

Most enterprises only learn about data breaches in their networks months after their data has already been compromised, according to a new study conducted by Verizon Business.

Most companies only learn about network data breaches  in the months after their data has already been compromised, according to a new study.

The study, conducted by Verizon Business, looks at data breaches in a wide variety of industries, such as retail, food and beverage, technology services and financial services, and examines more than 500 forensics investigations comprising roughly 230 million records over a period of four years.

Looking at the big picture, the study finds that three-fourths of all data breaches lead to compromised data within a matter of days. Despite this, the study also finds that 63% of enterprises don’t learn about data breaches until months after their data has been compromised. What’s more, 70% of all data breaches are discovered by third parties, such as customers or banks, meaning that most companies have no idea that their data has been compromised until they are alerted by an outside voice.

And even after breaches are discovered, the study finds that nearly half of them take weeks to fix, while only 37% are fixed within a matter of days or hours.

A strong majority (73%) of enterprise data breaches come from external sources, while only 18% come from internal sources such as IT administrators or employees. However, while internal data breaches are far less common than external data breaches, they are far more damaging to data security: a median of 375,000 records are compromised during internal security breaches, compared with a median of 30,000 for external security breaches, according to the study.

The most popular method for breaching company data is hacking, which accounts for 59% of all data breaches studied. Thirty-nine percent of all hacks occur at the application or service layer, while 23% occur at the operating system or platform layer. Interestingly, the study finds that 18% of all hacks exploit known data vulnerabilities. Of these known vulnerabilities, full nine-tenths had patches available for six months prior to the breach.

The study lists several ways for businesses to guard themselves against future data breaches, most of which do not require a heavy investment in upgrading IT infrastructure. In the first place, the study says that companies fail to actually enact their established security policies. The study also notes that 83% of all network attacks are not difficult attacks to thwart, and the 85% are opportunistic attacks that are not directed against a particular entity but are rather initiated randomly through techniques such as phishing. What’s more, the study finds that evidence of 82% of all breaches studied is available to the victims but that this evidence is not noticed or acted upon. Thus, the study recommends that enterprises concentrate on enforcing the basics of data security – such as actively monitoring data logs and creating data retention plans – before they take extra precautions against sophisticated hacking or malware assaults.

“Security breaches and the compromise of sensitive data are very real and growing concerns for organizations worldwide,” says Peter Tippett, vice president of research and intelligence for Verizon Business Security Solutions. “This can help companies better understand data breaches. . . . Most importantly, it urges organizations to be proactive in their approach to security.”

Learn more about this topic

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2008 IDG Communications, Inc.

IT Salary Survey 2021: The results are in