2015 Verizon Data Breach Report: 9 Basic Patterns Cause Most Security Incidents

By Christine Kern, contributing writer

By Christine Kern, contributing writer
Verizon released its 2015 Data Breach Investigations Report (DBIR), which found that, while cybercriminals are using increasingly sophisticated means in their attacks, security breaches are precipitated in nine basic ways:
- miscellaneous errors, such as sending an email to the wrong person
- crimeware (various malware aimed at gaining control of systems)
- insider/privilege misuse
- physical theft/loss
- Web app attack
- denial-of-service attacks, cyberespionage
- point-of-sale intrusions
- payment card skimmers
The report is based on 79,790 security incidents and 2,122 confirmed breaches from 70 contributing organizations representing 61 nations. The investigation found 70 percent of cyberattacks used a combination of these techniques and involve a secondary victim, which add complexity to a breach.
The report concludes many cyberattacks could be prevented through a more vigilant approach to cybersecurity. This year’s investigation found many vulnerabilities still exist because security patches were never implemented; some were traced back to 2007. The report also highlights what Verizon researchers call the “detection deficit” — the time that elapses between a breach and its discovery. In 60 percent of breaches, it only takes moments for attackers to compromise an organization.
This year’s report also includes a new assessment model for gauging the financial impact of a security breach, based on the analysis of nearly 200 cyber liability insurance claims. The model accounts for the fact that the cost of each stolen record is directly affected by the type of data and total number of records compromised, and shows a high and low range for the cost of a lost record (i.e., credit card number, medical health record).
“We believe this new model for estimating the cost of a breach is groundbreaking, although there is definitely still room for refinement,” says Mike Denning, vice president of global security for Verizon Enterprise Solutions. “We now know that it’s rarely, if ever, less expensive to suffer a breach than to put the proper defense in place.”