Employees remain at the core of data breaches


New Data Breach Report shows people remain the biggest data breach threat

The 2015 Data Breach Investigations Report has been released by Verizon, reporting on 79,790 security incidents in 61 countries involving 2,122 confirmed data breaches.

In 2015 the report, for the first time, includes the risk from endpoint devices as the entry point to compromising other systems. 

Verizon also has new estimates for the financial impact of a data breach, predicting that a breach affecting 10 million records will fall between $2.1 million and $5.2 million in 95% of breach incidents, but could escalate up to $73.9 million. 

Key indicators include:

  • 90% of all security incidents are tied back to “people” - mistakes, phishing, bad behaviour, lost stuff, etc
  • 70-90% of malware samples are unique to an organization
  • 70% of cyberattacks are not sophisticated, relying instead on a combination of phishing and hacking, often involving a secondary victim
  • In 60% of incidents, cyberattacks are successful within minutes
  • 15% of lost or stolen devices take days to discover, likely because employees are slow to report the incidents
It only takes one missing device, one use of insecure WiFi, one compromised password, one click of a phishing email to compromise the entire network.