Verizon Data Breach Report Offers Scary Truths About Security

NEWS ANALYSIS: The Verizon study finds that the best way to prevent data breaches is not expensive or new, but rather simple. The fact that businesses don’t adhere to good security practices is more frightening than the breaches themselves.

Verizon€™s annual "Data Breach Investigations Report" includes some sobering findings that show just how pervasive social and political hacking has become. So-called €œhacktivism€ was responsible for 58 percent of all data stolen in 2011. Nearly 80 percent of attacks were opportunistic, and most significant of all, 96 percent were avoidable.

The primary motive for external data breaches was financial gain€”companies were hacked to get at credit card or other personal data that could then be used to steal money, secrets or other valuable resources, according to the report.

But that€™s not what€™s really scary.

Buried deep within the Verizon report (scroll down to page 61 if you€™ve followed the link above) you€™ll find a section on recommendations, and there you€™ll find a simple pie chart showing that the fixes for 63 percent of all organizations are simple and cheap. Most of the rest are a little harder, but they are still within the capabilities of even the smallest companies.

Worse, the preventive measures are things that security experts have been saying for more than a decade, starting from the days of the first viruses and the first efforts at social engineering to distribute malware.

The simplest solution of all€”buy a firewall.

Apparently, small businesses around the world simply haven€™t been paying attention and still haven€™t gotten even the most basic message about security. That message is simple: A firewall makes it harder for a hacker or automated malware to break into your computer, and if it€™s hard to do, then the vast majority of opportunistic hackers will move on to the low-hanging fruit of unprotected computers.

The second€”changing the defaults€”is even cheaper because it costs nothing, and the people who sell firewalls have tried to automate the process for you when you set them up.

That means don€™t use the default service set identifier (SSID) on your wireless router (seeing a router named €œLinksys€ tells a hacker that you haven€™t changed anything including the password), turn on WiFi Protected Access (WPA) encryption, and change the password. If you follow the instructions on that one-page €œgetting started€ poster that comes with wireless routers, the built-in wizard will lead you through all this.

For small businesses, the third step should be a no-brainer, but apparently it€™s not.