Verizon Report Shows Good, Bad News in Data Breach Trends
Fraud detection is no longer the most common way that companies hear about breaches of their data systems. But third parties still are more likely to find a breach before the victim.The annual Verizon Data Breach Investigations Report (DBIR) typically highlights the overwhelming advantage that attackers continue to have in attacking corporate networks and data. Yet this year's report has a few bright spots, as well.
For the first time, more breaches were detected using internal controls than fraud-detection mechanisms, according to the report. Although the shift is almost entirely due to the drop in point-of-sale compromises and third parties continued to be the overwhelming way that victims hear about breaches, Verizon flagged the trend as a positive one.Law enforcement, for example, became the top source of data breach discovery, but computer emergency response teams (CERTs) have increasingly taken part in notifying companies that they have been compromised, Marc Spitler, senior analyst at Verizon and a co-author of the report, told eWEEK. "CERTs are becoming more active in notification," he said. "Also there is more information sharing and more threat information out there." Released on April 22, the Verizon DBIR is an annual look into the trends in data breaches. In 2013 point-of-sale breaches have declined, while breaches resulting from Web attacks are on the rise. Point-of-sale breaches accounted for 14 percent of incidents in 2013, down from 31 percent during the preceding two years. Breaches due to Web attacks rose to 35 percent, from 21 percent in the preceding two years.