The new Verizon 2014 Data Breach Investigations Report has found that device theft or loss is the most common adverse security event across all industries.
Covering a decade of more than 63,000 security incidents, the Verizon report notes that 94 percent of threats to data security in 2013 can fit into nine categories: point-of-sale intrusions, web app attacks, insider and privilege misuse, physical theft and loss, miscellaneous errors, crimeware, payment card skimmers, denial of service and cyber-espionage, with the other 6 percent covering “everything else.”
While the frequency of each pattern depends upon the industry, data loss and theft apply to all.
According to the report, incidents of loss are 15 times more common than theft, meaning many data loss incidents can be attributed to employees simply misplacing laptops, flash drives and other media and devices that contain sensitive information.
In the healthcare sector, 46 percent of data loss incidents were the result of theft or loss. As we've written in the past, device encryption is a great way to ensure that if a device is lost or stolen, there's a smaller chance someone could access the information stored on that device.
The finance industry was a big target for criminal hackers, according to the study, with 27 percent of incidents categorized as web application attacks, 26 percent as distributed denial of service attacks and 22 percent attributed to payment card skimmers.
A data loss “incident” was defined by Verizon as “a security event that compromises the integrity, confidentiality or availability of an information asset,” making it distinct from a data “breach.”
While Verizon suggests data backup as a security control to protect against theft or loss, we recommend routine backup be used in all cases, because it gives clients safe data to recover in the event of any attack or data loss incident.
The findings show that for many organizations, it took months to discover security breaches, sometimes even years (for web app attacks, insider and privilege misuse, miscellaneous errors and cyber-espionage).
“After analyzing 10 years of data, we realize most organizations cannot keep up with cybercrime – and the bad guys are winning,” Wade Baker, principal author of the report, told The Register. “But by applying big-data analytics to security-risk management, we can begin to combat cybercrime more effectively and strategically … No one is immune from a data breach.”
You know how important backing up data can be, but the Verizon report proves how vital routine backups are to organizational data safety. And the security of the backup solution you implement is also critically important, as HIPAA holds IT providers just as responsible for data security as healthcare providers.