4 Security Insights via 2014 Verizon Data Breach Investigations Report

by Calyptix, May 20, 2014

This year’s Verizon Data Breach Investigations Report is the first to review more than 10 years of security data. The result is a great overview of the threat landscape and the security incidents that plague certain industries.

Here are some charts and insights we pulled:

9 types of security incidents

More than 90% of the security incidents reviewed by Verizon over 10 years fell into nine types, or “incident patterns”:

  • POS intrusions
  • Web app attacks
  • Insider misuse
  • Physical theft/loss
  • Miscellaneous errors
  • Crimeware
  • Card skimmers
  • DoS attacks
  • Cyber-espionage

When looking at a specific industry, only two or three types of incidents drive more than 50% of the total:

[Chart: breach category by industry]

As you can see, most industries grapple with specific types of incidents:

  • Accommodation – 75% of incidents are attributed to point-of-sale intrusions. No other type is above 10%.
  • Healthcare – 46% of incidents are attributed to physical theft or loss. This is more than twice the percentage of any other type.
  • Public – More than 50% of all incidents are attributed to internal misuse or miscellaneous errors. Another 19% are attributed to loss or theft. The public sector also had 40 times more security incidents in 2013 than any other industry.

“The public sector’s astronomical count is primarily a result of U.S. agency reporting requirements, which supply a few of our contributors with a vast amount of minor incidents,” according to the report.

External threats reign supreme

The report puts another nail into the coffin of the popular myth that internal threats are greater than external threats.

That may have been true for a brief period in 2007, but those days are long gone:

[Chart: breach categories over time]

External threats account for roughly 90% of all breaches reviewed by Verizon in the last 10 years. I think the myth is dead. Also, note that “breaches” are different from “incidents”. Here are Verizon’s basic classifications for security events:

  • Incident – A security event that compromises the integrity, confidentiality, or availability of an information asset.
  • Breach – An incident that results in the disclosure or potential exposure of data.
  • Data disclosure – A breach with a confirmed disclosure of data to an unauthorized party.

Hackers are the greatest threat

If you ever need a quick example of “exponential growth,” look no further than the line labeled “hackers” below:

[Chart: threat action category over time]

The number of breaches attributed to hackers is rising alarmingly fast. Growth in malware breaches appears slower, but the number hasn’t fallen in the last seven years. Breaches tied to social engineering – such as email phishing – are also rising.

Hackers want your money

Most cybercriminals are in it for the money. However, a growing number want to steal information for the motherland, and a few do it for laughs.

[Chart: threat actor motive over time]

It may seem that hackers are beginning to be motivated less by money and more by espionage. However, the report’s authors note that the change likely has more to do with new contributors to the report who specialize in espionage research.

The report is fantastic. We recommend browsing through it if you have a moment: 2014 Verizon Data Breach Investigations Report




    • September 5, 2014

    I was looking on the VB DB report to see how they defined Internal vs External, but did not see anything that answers that question. Would you happen to know how that is defined in the context of the report? For example, is Internal defined as a malicious user or bad actor within your company that is a trusted employee, business partner, vendor, etc.? If so, does it also include compromised trusted systems that are on a company's internal network, such as a laptop that was infected with malware either in a drive-by, or via APT (ATA) through email and URL to a malicious website? Or would this be considered at this point an external data breach, if a compromised machine exfiltrates data due to C2 instruction? Thanks, Nick
