Report: Most Security Breaches Not Discovered Until Months After

Almost 60 percent of company breaches go unnoticed for months to years, according to a security report by Verizon.

The brief, titled "Verizon 2011 Investigative Response (IR) Caseload Review," studied 90 corporate data breach incidents, half occurring in North America and the other half split between Europe, the Middle East and the Asia-Pacific region.

While the full findings won't be published until later this year, Verizon has released this early brief to highlight some of its analysis.

According to the report, many of the late breach incidents were only known after a third party had contacted the victimized company.

"It is disheartening to say the least that an external party -- typically via fraud detection or customer notification -- detected over two-thirds of breaches," said Verizon. "While not encouraging, it is hardly surprising either when one considers that this statistic has ranged from 61 percent to 86 percent each year we've conducted our study."

The Verizon report also found that a breach caused by an "exploitation of default or guessable credentials" made up 29 percent of all observed attacks. Second on the list were backdoor exploits at 26 percent. Rounding out the top three at 24 percent were attacks occurring after specific passwords or credentials were stolen.

All three of the top attacks were classified as either a hacking or malware vulnerability, which Verizon points out are the only types of attacks that have constantly been on the rise since 2005.

However, the report points out that corporations' security strategy should not only focus on these two threat types.

"Let us be clear: the message to be received here isn't 'disregard all threats except malware and hacking,' but rather 'evidence consistently illustrates that data theft is perpetrated using these kinds of attacks,' said Verizon in the report."The wise organization will therefore identify its weaknesses with respect to malware and hacking threats and prioritize related defenses."

Verizon also found that 92 percent of corporate breaches studied were caused from an external source. It also pointed out that this finding goes against many other security firm analyses that say a majority of breaches are caused from internal sources.

"I think that's a bit of a myth in the security community," said Wade Baker, director of risk intelligence at Verizon Business. "There's fewer people inside of an organization than there are outside and I think it stands to reason that, by the numbers, we will have more external incidents."

Look for Verizon's complete report later this year, which will also factor in data and analysis from international law enforcement agencies and security firms.

About the Author

Chris Paoli is the site producer for and


  • Microsoft Uniting OneDrive and SharePoint Admin Portals Next Month

    Microsoft is converging its OneDrive and SharePoint Admin Center management portals, with a consolidated portal expected to arrive for Microsoft 365 subscribers "through February."

  • Phishing Tops Concerns in Microsoft Study of Remote Work

    Potential phishing attacks were a top concern of most IT security professionals when organizations switched to remote-work conditions early last year.

  • How To Configure Windows 10 for Intel Optane Memory

    Intel's Optane memory technology can significantly improve the performance of your Windows 10 system -- provided you enable it correctly. A single mistake can render the system unbootable. Here's how to do it the right way.

  • Microsoft and SAP Enhance Partnership with Teams Integration

    Microsoft and SAP this week described continuing partnership efforts on Microsoft Azure, while also planning a Microsoft Teams integration with SAP's enterprise resource planning product and other solutions.

comments powered by Disqus