Landmark Research Paper From Verizon On Data Breaches

Verizon recently released a landmark research paper titled "2008 Data Breach Investigations Report" based on a study done by their Business RISK Team. The paper is freely available and is the first of its kind. In short, it provides significant insights into data breaches based on more than 500 forensic engagements handled by the Verizon Business Investigative Response team.

Since the results are based only on Verizon client engagements, they should not be considered the universal norms. The report itself describes this in the section on methodology. However, this report is something that security professionals shouldn't miss going through.

Based on the report, the likelihood of data breaches originating from internal sources is the minimum (18%). Partners 39% and external parties 73%. These numbers do not sum up to 100% since some data breaches are due to more than one source.

Interestingly, external parties had not been able to grab much data though – probably due to the multiple layers of security deployed in organizations that external parties need to travel through to reach the data.

Even though the likelihood of internal sources being engaged with data breaches is low at 18%, the report indicates that if they grab data, they take data in the biggest bags – probably because internal parties have sufficient access to the data.

In the middle are the partners. They will have a higher degree of access to data than the external sources, but less than that of internal sources. Hence, when they take data way, they use mid size bags.

Taking the likelihood and the size of data breaches together, the report nicely highlights who are the greatest risk: the partners! Secondly, internal sources. Thirdly, external sources.

Apparently, we need to think again about our partners and their degree of access to our data!