Do the Findings of the 2008 Data Breach Investigations Report Differ Among Industries?
By Wade Baker
Since releasing the 2008 Data Breach Investigations Report (DBIR) in June, we’ve frequently been asked some form of the following question: “Do the findings presented in the report differ among industries?” It’s a good question, and one we’re working on answering at length in a supplemental report contrasting the four most frequently breached industries (Financial Services, Tech Services, Retail, and Food & Beverage) using the original dataset. We plan to release the report sometime next month, but would like to give you a sneak peek in this post.
You may remember that the 2008 DBIR considered three main sources, or origins, of data breaches: external, internal and partner. The upcoming supplemental report naturally adopts this same trio of sources. Based on the Verizon Business caseload from 2004 through 2007, the figure below depicts the percentage of breaches attributed to internal, external and partner sources for each industry group.
The predominant pattern to note here is that each industry exhibits the same order (External sources being highest, followed by Partner, then Internal) except Tech Services, in which insider breaches were more common than those involving partners. Our explanation of this finding is straightforward: Tech Services are often in the role of “the partner” to the other industries, providing management, hosting and other services. It stands to reason that organizations in this industry likely employ a high percentage of tech-savvy staff and grant them high levels of access to numerous systems. Unfortunately, some find that access to sensitive and valuable resources is a temptation too difficult to resist. Facing similar temptations, insiders in the Financial Services industry were behind a large proportion of breaches as well.
The Food and Beverage industry shows a very different yet striking series of statistics. Insider breaches fall well below other industries while the percentage for partners is extremely high – almost equaling that of external sources. At first this may seem counter-intuitive, as staff within this industry constantly handle money, checks and credit cards. When incidents happen, however, they are more likely to be handled by law enforcement personnel than our Investigative Response team since such thievery doesn’t typically require hacking into systems.
The large percentage of partner breaches in the Food and Beverage industry is mostly due to the scenario mentioned earlier in which an external attacker compromises a partner and then uses that asset as a privileged platform to attack the victim. In the Food and Beverage industry, this is often a vendor supporting the Point of Sale system using default or shared credentials among many clients. Though not a willing accomplice, the partner’s lax security practices – often outside the victim’s control – undeniably allow such attacks to take place. This is obviously a much-needed area of focus for security efforts within the Food and Beverage industry.
So, do the findings of the 2008 DBIR differ among industries? You betcha. We hope this gives you a taste of what those differences entail. The remaining statistics from the 2008 DBIR will be aligned with these key verticals in the upcoming 2008 Data Breach Investigations Supplemental Report.