First published in 2008, the Verizon Data Breach Investigations Report (DBIR) is an industry standard, with a data set that includes 700 million compromised records this year.
The report includes contributions from 70 organizations including IR/forensic firms, international Computer Security Information Response Teams, government agencies and other security industry verticals.
When it comes to fraud, data breaches can be considered the gateway crime. If the data compromised is personally identifiable like social security or account numbers, it’s open season for cybercriminals when it comes to individual identities.
According to the report, the top three industries affected by security incidents or data breaches were Public, Information and Financial Services. This isn’t to say they are the only industries affected. Instead, it illustrates the type of data cybercriminals are interested in, and that once they identify a target how successful they are at getting that data.
The increase in 2014 incidents and breaches underscores the importance of managing risk and stopping the aftermath of data breaches that come in the form of fraud like account takeover, stolen credit card data or other stolen identity fraud like credit/loan application fraud.
Here are some takeaways from the report:
- RAM scraping has grown in a big way. This type of malware was present in some of the most high profile retail breaches.
- In 60% of cases, attackers are able to compromise an organization within minutes.
- For two years, more than two-thirds of incidents that comprise the Cyber-Espionage patterns have featured phishing.
- 96% of mobile malware was targeted at the Android platform (which is what our data at iovation mirrors as well).
- The forecasted average loss for a breach of 1,000 records is between $52,000 and $87,000.
The report also asserts something we often say here at iovation, “With security, there is no “one size fits all” approach.” That’s why it’s critical that businesses take a high level multi-layered approach to risk management. It’s also why within our own services we provide multi-layered tactics for fraud prevention like device recognition, anomaly tracking, velocity rules, proxy piercing and shared records of fraud. Visit Verizon’s site to read the full report.