Anytime there is a notification of another data breach — which is essentially every day at this point — the details of the event tend to get washed away, and the breach is reduced to basically two pieces of information: the name of the victimized company and the number of records it lost. This leads to an assumption that all of these incidents are created equal, which is demonstrably not the case. Verizon Business on Thursday released a supplement to its June Data Breach Investigative Report, which shows that of all the breaches the company’s security response team worked on from 2004 through 2007, the majority (62%) were caused by errors and not malware or direct attacks.
The Verizon Business Supplemental Report, which breaks the incidents down by industry, found that errors were by far the largest contributing factor in the technology industry, playing a part in 67% of breaches there. By contrast, hacking contributed to only 45% of incidents in the tech sector. “It could rightly be said that some form of error occurs somewhere in the chain of events surrounding nearly all data breaches. While this is true, our investigators focus on errors that directly cause or significantly contribute to the incident,” the report says. With that in mind, the report shows that errors of omission are by far the largest problem, contributing to 80% of breaches in all industries.
The data in the report is fascinating and, aside from the causes of the breaches, there is plenty of fodder for further investigation. The other thing that jumped out at me is that in many of the incidents that had attacks as a contributing factor, the Verizon team found that the attack took some significant skill to execute. Across all industries, 45% of these incidents were rated either moderate or high in terms of difficulty. In the tech industry, 69% of the attacks took moderate or high skill.
I have to say that surprises me more than a little bit. Most of the experts I’ve talked to about specific incidents that they’ve been involved with have said that the attack involved was usually a low-level one, like the Wi-Fi sniffing attack that was used in the TJX breach. What this tells me, among other things, is that there is a whole lot we don’t know about these breaches, especially with regard to how they’re going down and why. More information, please.