Report: Most Security Breaches Not Discovered Until Months After

Almost 60 percent of company breaches go unnoticed for months to years, according to a security report by Verizon.

The brief, titled "Verizon 2011 Investigative Response (IR) Caseload Review," studied 90 corporate data breach incidents, half occurring in North America and the other half split between Europe, the Middle East and the Asia-Pacific region.

While the full findings won't be published until later this year, Verizon has released this early brief to highlight some of its analysis.

According to the report, many of the late breach incidents were only known after a third party had contacted the victimized company.

"It is disheartening to say the least that an external party -- typically via fraud detection or customer notification -- detected over two-thirds of breaches," said Verizon. "While not encouraging, it is hardly surprising either when one considers that this statistic has ranged from 61 percent to 86 percent each year we've conducted our study."

The Verizon report also found that a breach caused by an "exploitation of default or guessable credentials" made up 29 percent of all observed attacks. Second on the list were backdoor exploits at 26 percent. Rounding out the top three at 24 percent were attacks occurring after specific passwords or credentials were stolen.

All three of the top attacks were classified as either a hacking or malware vulnerability, which Verizon points out are the only types of attacks that have constantly been on the rise since 2005.

However, the report points out that corporations' security strategy should not only focus on these two threat types.

"Let us be clear: the message to be received here isn't 'disregard all threats except malware and hacking,' but rather 'evidence consistently illustrates that data theft is perpetrated using these kinds of attacks,' said Verizon in the report."The wise organization will therefore identify its weaknesses with respect to malware and hacking threats and prioritize related defenses."

Verizon also found that 92 percent of corporate breaches studied were caused from an external source. It also pointed out that this finding goes against many other security firm analyses that say a majority of breaches are caused from internal sources.

"I think that's a bit of a myth in the security community," said Wade Baker, director of risk intelligence at Verizon Business. "There's fewer people inside of an organization than there are outside and I think it stands to reason that, by the numbers, we will have more external incidents."

Look for Verizon's complete report later this year, which will also factor in data and analysis from international law enforcement agencies and security firms.

About the Author

Chris Paoli is the site producer for and


  • Microsoft Ups Its Windows 10 App Compatibility Assurances

    Microsoft gave assurances this week that organizations adopting Windows 10 likely won't face application compatibility issues.

  • SharePoint Online Users To Get 'Modern' UI Push in April

    Microsoft plans to alter some of the tenant-level blocking capabilities that may have been set up by organizations and deliver its so-called "modern" user interface (UI) to Lists and Libraries for SharePoint Online users, starting in April.

  • How To Use PowerShell Splatting

    Despite its weird name, splatting can be a really handy technique if you create a lot of PowerShell scripts.

  • New Microsoft Customer Agreement for Buying Azure Services To Start in March

    Microsoft will have a new approach for organizations buying Azure services called the "Microsoft Customer Agreement," which will be available for some customers starting as early as this March.

comments powered by Disqus
Most   Popular

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.