There is a large and growing risk of data breaches affecting businesses of all sizes, and the unfortunate truth of the matter is that many of these companies simply aren’t doing enough to adequately protect themselves.
In 2012, nearly seven in every 10 data breaches suffered worldwide were not discovered by the companies that took the hit, but rather a third party, according to the latest Data Breach Investigations Report from the Verizon RISK Team. In addition, 9 percent of these incidents were actually spotted by the customers of the company itself. More concerning, however, might be just how easy it was for hackers to gain access to the data using relatively common and easily avoidable tactics. Nearly three in 10 such incidents were at least partially the result of cybercriminals using email, phone contact or social media networks to gain access to critical information, and more than three-quarters exploited weak or stolen login data.
In fact, nearly 80 percent of all such incidents required very little expertise to pull off, the report said. While one in 10 were so easy the average Internet user could have caused them, another 68 percent were the result of hacking attacks using the most basic methods, requiring relatively few resources to complete. Only one breach suffered in all of 2012 required “advanced skills, significant customizations, and/or extensive resources” to complete.
That is likewise reflected in the amount of time it took to cause most data breaches, the report said. Altogether, 84 percent took hours or even minutes to perpetrate, while these incidents typically took months or even years to discover. Nearly two-thirds of all breaches took at least that long, up from just 56 percent the year before, proving that it’s actually becoming more difficult to spot breaches, as well as contain them. While most were remediated in hours or days, nearly a quarter took months.
Companies that control sensitive information either for their clients or consumers may consequently want to do all in their power to ensure that they are as protected as possible against breaches in general. This can often be as simple as beefing up online security and properly training workers as to the proper basic procedures for protecting this data, but even those easy steps can significantly increase security and reduce liability in the event a business is targeted.