eDiscovery Daily Blog

More Than Two Thirds of Data Breaches Take Months to Discover: Cybersecurity Trends

One of my favorite annual cybersecurity publications to read is the Verizon Data Breach Investigations Report (DBIR), which analyzes the reported cybersecurity and data breach incidents for the year.  As always, this year’s report has some interesting findings.

But first, this week’s eDiscovery Tech Tip of the Week is about Selecting Views.  Workflows associated with reviewing documents in discovery can be varied, depending on the task to be accomplished during review, the type of information needed to conduct the review effectively and the individual’s preferred style in conducting the review.  It’s important to find a an eDiscovery review platform that gives you options for review that fit your workflows.

To see an example of how Selecting Views is conducted using our CloudNine platform, click here (requires BrightTalk account, which is free).

Anyway, every year, the Verizon DBIR report starts off with a notable quote.  This year, the report writers chose to get downright Shakespearean with the quote “I would give all my fame for a pot of ale, and safety” from Henry V.  Sounds like a pretty good trade to me!

Anyway, here are some interesting statistics from the 68 page PDF report:

  • They are reporting on over 53,000 incidents and 2,216 confirmed data breaches;
  • 73% of reported breaches were perpetrated by outsiders, 28% by internal actors;
  • 50% of breaches were carried out by organized criminal groups;
  • 12% of breaches involved actors identified as nation-state or state-affiliated;
  • Who was affected? 24% of breaches affected healthcare organizations, 15% of breaches involved accommodation and food services, 14% were breaches of public sector entities and a whopping 58% of victims are categorized as small businesses.  So, it’s not just the “big guys” who are the targets.
  • How do they get you? 48% of breaches featured hacking, 30% included malware, 17% of breaches had errors as causal events, 17% were social attacks, 12% involved privilege misuse and 11% of breaches involved physical actions.
  • Also, 49% of non-point of sale malware was installed via malicious email, 76% of breaches were financially motivated and, the most remarkable stat, 68% of breaches took months or longer to discover.

As always, the report chock full of graphics and statistics which makes it easier to read than the size of the report indicates and covers everything from social attacks to ransomware to denial of service to incident classification patterns and coverage of data breaches and other incidents in several industries.

You can download a copy of the report here.  Once again, you can register and download the report or just choose to download the report.  This is our fourth year covering the report (previous reports covered here, here and here).  Enjoy!

So, what do you think?  Have you ever experienced any data breaches, either personally or professionally?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.