Thursday, July 24, 2008

2008 Data Breach Investigations Report

The Verizon Business RISK Team conducted a study of data breaches. It is the most comprehensive and detailed report on data breaches, as it covers around 4 years of forensic research.

This data breach report found that 73% of the breaches were caused by external sources. However, the impact caused by insiders was much larger when insider breaches did occur. The report shows that 59% of the breaches involved hacking. Of those hacking-related breaches, the breakdown is:

  • Application/Service layer - 39%
  • OS/Platform layer - 23%
  • Exploit known vulnerability - 18%
  • Exploit unknown vulnerability - 5%
  • Use of back door - 15%

"Attacks targeting applications, software, and services were by far the most common technique, representing 39 percent of all hacking activity leading to data compromise. This follows a trend in recent years of attacks moving up the stack. Far from passé, operating system, platform, and server-level attacks accounted for a sizable portion of breaches. Eighteen percent of hacks exploited a specific known vulnerability while 5 percent exploited unknown vulnerabilities for which a patch was not available at the time of the attack. Evidence of re-entry via backdoors, which enable prolonged access to and control of compromised systems, was found in 15 percent of hacking-related breaches. The attractiveness of this to criminals desiring large quantities of information is obvious."

So if we multiply 59% by 39%, we find that 23% of those data breaches are due to attackers hacking applications. It is clear that securing applications is a significant part of protecting against data breaches. And data breaches have been moving to the upper layers of the OSI model.