US telecoms company Verizon has studied the forensic reports of
data breaches covering the last four years to uncover trends in
corporate data loss. It found that 73% of company data loss
incidents were caused by external sources.
"Our findings indicate that data compromises are considerably
more likely to result from external attacks than from any other
source," said the report. "Nearly three out of four cases yielded
evidence pointing outside the victim organization."
The report said that data breaches were different to other kinds
of security breaches when it came to the source of the fault.
"The relative infrequency of data breaches attributed to
insiders may be surprising to some. It is widely believed and
commonly reported that insider incidents outnumber those caused by
other sources," said the report. "While certainly true for the
broad range of security incidents, our caseload showed otherwise
for incidents resulting in data compromise. This finding, of
course, should be considered in light of the fact that insiders are
adept at keeping their activities secret."
The report defined external threats as including hackers,
organised crime groups and government entities. The category
included not just people but events, such as typhoons and
earthquakes.
Verizon also found that a company's business partners are
involved in a significant proportion of data security breaches. It
said that 39% of cases had some business partner involvement,
though it said that such involvement was not always conscious.
"Though this sometimes indicated collusion, more commonly one
party was an unsuspecting participant to the crime. In a scenario
witnessed repeatedly, a remote vendor’s credentials were
compromised, allowing an external attacker to gain high levels of
access to the victim’s systems," said the report.
In fact the levels of business partner involvement have soared
in recent years, it said. "The important trend is … that breaches
involving business partners increased five-fold between 2004 and
2007."
"This finding is certainly reflective of parallel trends within
the extended enterprise emphasizing information sharing, systems
integration, and collaboration among business partners," it
said.
The report, which analysed 500 of data breaches incidents, did
discover, though, that while internal breaches were more rare, they
were usually more serious in nature.
"The median size (as measured in the number of compromised
records) for an insider breach exceeded that of an outsider by more
than 10 to one," it found. "Likewise, incidents involving partners
tend to be substantially larger than those caused by external
sources. This supports the principle that privileged parties are
able to do more damage to the organization than outsiders."
