One the one hand, it’s always important to maintain a healthy skepticism when reading about the latest data breaches. Major incidents might grab the headlines, but they don’t always tell the whole story. On the other hand, cold hard facts collected over a period of 10 years offer a great opportunity for us to analyze some of the key trends, separate fact from fiction and really dig down into who’s stealing our data and why.
That’s exactly what we’ve done with our latest report – Follow the Data: Dissecting Data Breaches and Debunking Myths – which is based on publicly disclosed data breach records from 2005-15 collected by the Privacy Rights Clearinghouse (PRC). Armed with this information, we hope more Trend Micro customers will be able to fortify themselves against such breaches in the future.
Insiders vs outsiders
Cyber-attacks and data breaches as reported by mainstream media tend to focus on hackers, malware authors, shadowy state-sponsored operatives and ruthless cybercrime gangs. But this is only part of the picture. Here are some of the other causes of data breaches over the past decade:
Our analysis shows that hacking and malware from malicious outsiders only contributed to one quarter of data breaches over the past 10 years. Although hacking incidents have been on the rise since 2010, so has the malicious insider threat. The following is a breakdown of the breach methods observed across industries within this report.
This could be for two reasons: insider leaks may not have been properly reported until 2010, or it’s simply becoming more lucrative to steal corporate data to sell.
Alert, contain, mitigate
Whatever the reason, the truth is that it can be harder defending against the actions of a malicious or negligent employee than battling an outside threat.
Here are just a few tips which should help you with alert, containment and mitigation:
This is by no means an exhaustive list, and not intended as a silver bullet. After all, a determined foe will always be able to breach your defenses given time. However, if you assume compromise and begin to roll-out some of these technical and non-technical measures, you stand a better chance of avoiding the worst effects of a breach.
Click here to read Trend Micro’s two reports: Follow the Data: Dissecting Data Breaches and Debunking the Myths and Follow the Data: Analyzing Breaches by Industry.