Most data breaches caused by outsiders, study finds


US telecoms company Verizon has studied the forensic reports of data breaches covering the last four years to uncover trends in corporate data loss. It found that 73% of company data loss incidents were caused by external sources.

"Our findings indicate that data compromises are considerably more likely to result from external attacks than from any other source," said the report. "Nearly three out of four cases yielded evidence pointing outside the victim organization."

The report said that data breaches were different to other kinds of security breaches when it came to the source of the fault.

"The relative infrequency of data breaches attributed to insiders may be surprising to some. It is widely believed and commonly reported that insider incidents outnumber those caused by other sources," said the report. "While certainly true for the broad range of security incidents, our caseload showed otherwise for incidents resulting in data compromise. This finding, of course, should be considered in light of the fact that insiders are adept at keeping their activities secret."

The report defined external threats as including hackers, organised crime groups and government entities. The category included not just people but events, such as typhoons and earthquakes.

Verizon also found that a company's business partners are involved in a significant proportion of data security breaches. It said that 39% of cases had some business partner involvement, though it said that such involvement was not always conscious.

"Though this sometimes indicated collusion, more commonly one party was an unsuspecting participant to the crime. In a scenario witnessed repeatedly, a remote vendor’s credentials were compromised, allowing an external attacker to gain high levels of access to the victim’s systems," said the report.

In fact the levels of business partner involvement have soared in recent years, it said. "The important trend is … that breaches involving business partners increased five-fold between 2004 and 2007."

"This finding is certainly reflective of parallel trends within the extended enterprise emphasizing information sharing, systems integration, and collaboration among business partners," it said.

The report, which analysed 500 of data breaches incidents, did discover, though, that while internal breaches were more rare, they were usually more serious in nature.

"The median size (as measured in the number of compromised records) for an insider breach exceeded that of an outsider by more than 10 to one," it found. "Likewise, incidents involving partners tend to be substantially larger than those caused by external sources. This supports the principle that privileged parties are able to do more damage to the organization than outsiders."