Verizon released the 2013 version of their Data Breach Investigations Report yesterday. The contributing agencies have grown from 4 in 2012 to 18 in 2013. There is a lot of good information in this report for everybody. From the intro:
And from pubs to public agencies, mom-and-pops to multi-nationals, nobody was immune. As a result—-perhaps agitated by ancient Mayan doomsday predictions—-a growing segment of the security community adopted an “assume you’re breached” mentality.
Some interesting things to me in the report:
- 78% of initial intrusions were rated as low difficulty
- 69% of breaches were discovered by external parties
- 66% of breaches took months or more to discover
In other words, for the majority of networks that were compromised, it was easy to break in and the intruders had access for a long time until an external party notified the organization that they were compromised. To me, those are sobering statistics.
Well worth the download and read. The best thing: you don't have to register or give any information to download the report; just click the download link and get the PDF. Thanks, Verizon!