This year’s Verizon Data Breach Investigations Report is the first to review more than 10 years of security data. The result is a great overview of the threat landscape and the security incidents that plague certain industries.
Here are some charts and insights we pulled:
More than 90% of the security incidents reviewed by Verizon over 10 years fell into nine types, or “incident patterns":
When looking at a specific industry, only two or three types of incidents drive more than 50% of the total:
As you can see, most industries grapple with specific types of incidents:
“The public sector's astronomical count is primarily a result of U.S. agency reporting requirements, which supply a few of our contributors with a vast amount of minor incidents,” according to the report.
The report puts another nail into the coffin of the popular myth that internal threats are greater than external threats.
That may have been true for a brief period in 2007, but those days are long gone:
External threats account for roughly 90% of all breaches reviewed by Verizon in the last 10 years. I think they myth is dead. Also, note that “breaches” are different from “incidents”. Here are Verizon’s basic classifications for security events:
If you ever need a quick example of “exponential growth,” look no further than the line labeled “hackers” below:
The number of breaches attributed to hackers is rising alarmingly fast. Growth in malware breaches appears slower, but the number has hasn’t fallen in the last seven years. Breaches tied to social engineering – such as email phishing – are also rising.
Most cybercriminals are in it for the money. However, a growing number want to steal information for the motherland, and a few do it for laughs.
It may seem that hackers are beginning to be motivated less by money and more by espionage. However, the report's authors note that the change likely has more to do with new contributors to the report who specialize in espionage research.
The report is fantastic. We recommend browsing through it if you have a moment: 2014 Verizon Data Breach Investigations Report