Data Breaches Becoming More Complex, Pervasive and Damaging

Data breaches are becoming more complex and are no longer confined to just the IT department, but are now affecting every department within an organization. Each breach leaves a lingering, if not lasting imprint on an enterprise, according to the 2017 Data Breach Digest from Verizon.

"Data breaches are growing in complexity and sophistication," said Bryan Sartin, executive director, the RISK Team, Verizon Enterprise Solutions. "In working with victim organizations, we find that breaches touch every part of an organization up to and including its board of directors. Companies need to be prepared to handle data breaches before they actually happen in order to recover as quickly as possible. Otherwise, breaches can lead to enterprise-wide damage that can have devastating and long-lasting consequences such as a loss of customer confidence or a drop in stock price."

The report once again confirms that there is a finite set of scenarios that occur with data breaches but many permutations occur within each, leading to an expansive range of damage that can be observed in the aftermath of a data breach. Breaches in the Digest are defined by type of breach, industry, one of nine DBIR incident patterns, and by stakeholder involvement.

This year's 16 data breach scenarios are also classified according to their prevalence and lethality in the field. Ten of the cases represent more than 60 percent of the 1,400 cases investigated by Verizon's Research, Investigations, Solutions and Knowledge Team over the past three years, while the other six are less common but considered lethal or highly damaging to an organization.

The report groups the 16 scenarios into four different types of breaches and gives each a personality, including:

The human element
- Partner misuse – The Indignant Mole
- Disgruntled employee – The Absolute Zero
Partner misuse – The Indignant Mole
Disgruntled employee – The Absolute Zero
Conduit devices
- Mobile assault – The Secret Squirrel
- IoT calamity – The Panda Monium
Mobile assault – The Secret Squirrel
IoT calamity – The Panda Monium
Configuration exploitation
- Cloud storming – The Acumulus Datum
- DDoS attack – The 12000 Monkeyz
Cloud storming – The Acumulus Datum
DDoS attack – The 12000 Monkeyz
Malicious software
- Crypto Malware – The Fetid Cheez
- Unknown unknowns – The Polar Vortex
Crypto Malware – The Fetid Cheez
Unknown unknowns – The Polar Vortex

This year's report points to five actions an organization should take in the aftermath of a breach:

Preserve evidence; consider consequences of every action taken
Be flexible; adapt to evolving situations
Establish consistent methods for communication
Know your limitations; collaborate with other key stakeholders
Document actions and findings; be prepared to explain them.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.