• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Hacks   »   Trend Micro’s Data Breach Report: “Follow the Data: Dissecting Data Breaches and Debunking Myths”

Trend Micro’s Data Breach Report: “Follow the Data: Dissecting Data Breaches and Debunking Myths”

  • Posted on:September 22, 2015
  • Posted in:Hacks, Internet Safety, Security, Vulnerabilities & Exploits
  • Posted by:Christopher Budd (Global Threat Communications)
1

Data breaches are in the news all the time these days. Whether it’s the loss of credit and debit card information from a retailer like Target or personal and health care information from a health insurance company, there’s a steady drumbeat of stories about data being lost to attackers.

But the stories don’t tell you what happens to the data after it’s stolen. And the news doesn’t necessarily give a full picture. Do outside attackers really account for the majority of data breaches?

Continuing in our tradition of deep research to understand threats and trends, we are proud to release a new research paper that provides one of the most comprehensive analyses of data breaches ever: “Follow the Data: Dissecting Data Breaches and Debunking Myths.”

In this paper, Numaan Huq of the Forward-Looking Threat Research (FTR) Team has taken 10 years of information on data breaches in the United States from the California-based Privacy Rights Clearinghouse (PRC) (from 2005 through 2015) and subjected it to detailed analysis to better understand the real story behind data breaches and their trends.

Some of the information in the report confirms what people know (or think they know). For instance, credit and debit card data breach incidents have increased 169% in the past five years. However, some of the information is also surprising. For example, credit and debit card, bank account, and personally identifiable information (PII) have all plateaued or are dropping due to oversupply in terms of prices on the underground marketplace, while the value of compromised Uber, PayPal and online poker accounts are rising.

But the analysis goes even deeper. Using a Bayesian network to model commonly observed data breach scenarios, Huq identifies a number of deeper trends such as:

  • Hacking or malware attacks account for the single greatest cause of data loss with portable device loss at a close second
  • PII is the data most likely stolen with financial data second
  • Credentials are not the most commonly stolen data, but the most likely data to lead to additional types of data loss

In fact, this report provides a thorough analysis to help people understand the most likely additional data to be lost in a data breach incident.

In addition, this report also contains an addendum report “Follow the Data: Analyzing Breaches by Industry” that goes into even more detail on an industry-by-industry basis for the following industries:

  • Healthcare
  • Government
  • Retail
  • Financial
  • Education

This report then provides detailed information on what happens to the data once stolen, outlining the latest trends in Deep Web market places for stolen data and supplementing our other work around the cybercrime underground economy in the Deep Web.

The report brings its analysis to a close by correlating trends with industry best practices for defense using the “Critical Security Controls” maintained by the Center for Internet Security (CIS) so that to administrators can assess their current security controls for breach defense based on empirical data from the report. Finally the report discusses the state of data breach legislation in the United States.

Taken as a whole, this report and it’s addendum provides one of if not the most comprehensive analyses of data breaches undertaken yet in the industry. It’s something that should be useful for everyone to understand not just what’s happened over the past 10 years but what can happen in the future and how best to defend and protect against it.

Please add your thoughts in the comments below or follow me on Twitter; @ChristopherBudd.

Related posts:

  1. Debunking Breach Myths: Who is Stealing Your Data?
  2. Debunking the Myths Behind US Government Data Breaches
  3. Report: Hackers now No. 1 cause of data breaches
  4. Data Breaches, Vulnerabilities, and Online Banking Malware: Trend Micro’s 2Q 2014 Security Roundup

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Advanced Cloud-Native Container Security Added to Trend Micro's Cloud One Services Platform
  • Trend Micro Goes Global to Find Entrepreneurs Set to Unlock the Smart Connected World
  • Winners of Trend Micro Global Capture the Flag Demonstrate Excellence in Cybersecurity
  • Companies Leveraging AWS Well-Architected Reviews Now Benefit from Security Innovations from Trend Micro
  • Trend Micro Announces World's First Cloud-Native File Storage Security
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.