Once More Unto the Breach
Verizon, in conjunction with the Dutch National High Tech Crime Unit and the US secret service, have recently released their findings on investigations into about 800 data breaches within the cloud. The report makes for disturbing reading.
Perhaps not surprisingly, 92% of breaches were from external agents: this is an increase of 22% from the previous year. 50% of the breaches involved some form of hacking (up 10% from 2010) and, worryingly, 49% incorporated malware (up 11%).
Very concerning, in my view, is that 92% of attacks were not considered highly difficult (this figure is 7% higher than 2010), 96% were avoidable through simple or intermediate controls and 86% of these breaches were discovered by a third party (up a huge 25%). This speaks volumes. It is certainly the case that hindsight is always 20-20, but with so much information out there on cyber criminals and so many examples of data breaches, for 96% of cases to be avoidable with relatively little effort is a crime in itself. And considering so many breaches did not need specialist skills to perform them, the figures suggest a blatant disregard and disrespect for customer data.
Organizations are simply not doing enough to project the data of their customers - that's you and me. We have all heard of the sometimes very serious data breaches by Sony and others too. Preventing your data escaping is one thing - having that data unencrypted is quite another and is usually unforgivable, since it is almost always a relatively trivial operation to encrypt that data.
Image credit: Salvatore Vuono