Anatomy of a data breach: Why breaches happen and what to do about it

By Sarah Whipp, VP of Marketing for EMEA at Symantec

Sarah Whipp, Symantec

For companies with critical information assets such as customer data, intellectual property, trade secrets, and proprietary corporate data, the risk of a data breach is now higher than ever before. In fact, more electronic records were breached in 2008 than in the previous four years combined.¹

In a world where data is everywhere, it has become harder than ever for organisations to protect confidential information. Complex, heterogeneous IT environments make data protection and threat response very difficult. Yet today's businesses depend upon their security teams to ensure that information collaboration and sharing by an increasingly mobile workforce remains safe and secure.

Why Data Breaches Happen

While the continuing onslaught of data breaches is well-documented, what is far less understood is why data breaches happen and what can be done to prevent them. In order to get ahead of the data breach challenge, it is essential to understand why they occur. Third-party research into the root causes of data breaches, including data from the Verizon Business Risk Team² and the Open Security Foundation,³ reveals three main types: well-meaning insiders, targeted attacks and malicious insiders. In many cases, breaches are caused by a combination of these factors. For example, targeted attacks are often enabled inadvertently by well-meaning insiders when an insider's failure to comply with security policies leads to a breach.⁴

Well-Meaning Insiders. Company employees who inadvertently violate data security policies continue to represent a major factor in occurrence of data breaches. According to the Verizon report, 67% of breaches in 2008 were aided by "significant errors" on the part of well-meaning insiders.⁵ In a 2008 survey of 43 organisations that had experienced a data breach, the Ponemon Institute found that over 88% of all cases involved incidents resulting from negligence.⁶

Targeted Attacks. Driven by the rising tide of organized cyber-crime, targeted attacks are increasingly aimed at stealing information for the purpose of identity theft. More than 90 percent of records breached in 2008 involved groups identified by law enforcement as organized crime.⁷ Such attacks are often automated using malicious code that can penetrate into an organisation undetected and export data to hacker sites. In 2008, Symantec created more than 1.6 million new malicious code signatures, more than in the last 17 years combined, and blocked an average of more than 245 million attempted malicious code attacks worldwide every month.⁸

The Malicious Insider. Malicious insiders constitute a growing segment of breach drivers, and a proportionately greater portion of the cost to business of data breaches. The Ponemon study found that data breaches involving negligence cost $199 per record while those caused by malicious acts cost $225 per record.⁹

With the steady drumbeat of data breaches making headlines almost daily, it might seem reasonable to regard data breaches as an inevitable by-product of our connected world, a cost of doing business that we must simply learn to live with. A closer view of the facts, however, suggests that this is not necessarily the case. Symantec's security expertise, global intelligence network and real-world experience with customers combine to inform a more confident perspective. By following a risk-based and content-aware information security strategy that incorporates multiple solutions working together in concert, data breaches are preventable.

How to Stop Data Breaches

To monitor and protect information from both internal and external threats across every tier of their IT infrastructure, organisations should select solutions based on an operational model for security that is risk-based, content-aware, responsive to threats in real time and workflow-driven to automate data security processes. Here are six steps that any organisation can take to significantly reduce the risk of a data breach using proven solutions:

1. Proactively protect information with a unified data loss prevention solution.
2. Automate the review of entitlements to sensitive data.
3. Identify threats by correlating real-time alerts with global security  intelligence.
4. Deploy a multi-layered combination of security solutions to stop incursion by targeted attacks.
5. Establish network defenses to detect and block data exfiltration.
6. Integrate prevention and response strategies into security operations.

How to Get Started

The first step in creating a prevention and response plan is to identify the types of confidential data your organization needs to protect and use that information to measure your risk of exposure. Once you are able to define and prioritize your data risk levels, the next step is to engage stakeholders and form a project team - which should include IT security, compliance, and business data owners - that can evaluate solutions and recommend actions.

For many organizations, the process begins with a data breach workshop. The Symantec Data Breach Workshop helps organizations quickly identify their confidential information and accurately identify and quantify their risk of a data breach. To schedule a Data Breach Workshop, contact Symantec at go.symantec.com/one-breach.

About Symantec

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organisations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored.

More information and a full copy of the Anatomy of a Data Breach whitepaper is available here: go.symantec.com/one-breach.

Sarah Whipp is VP of Marketing for EMEA at Symantec. She joined Symantec in July 2009 after nine years at McAfee, most recently as VP of EMEA Marketing. Symantec is the world's fourth-largest software company and a global leader in providing security, storage and systems management solutions.

Footnotes:

[1] Verizon Business Risk Team, 2009 Data Breach Investigations Report
[2] Ibid.
[3] http://datalossdb.org
[4] Verizon Business Risk Team, op.cit.
[5] Ibid.
[6] Ponemon Institute, 2008 Annual Study: Cost of a Data Breach, February 2009
[7] Ibid.
[8] Symantec Internet Security Threat Report XIV
[9] Ponemon Institute, op. cit.