The Verizon RISK Team recently released its 2011 Data Breach Investigations Report. This year’s report included data from the U.S. Secret Service and the Dutch High Tech Crime Unit. The reported data spans 761 compromise incidents investigated in 2010 and contains some interesting results, especially for small and medium-sized businesses. The report is very well done and a must-read for anyone in the business of protecting their customers’ data.
Here are some of the highlights:
- 92% of attacks were not highly difficult
- 96% of breaches were avoidable through simple or intermediate controls
- 89% of victims subject to PCI-DSS had not achieved compliance
- 83% of victims were targets of opportunity
- 57% of investigations involved businesses with 11-100 employees
- 40% of breaches were in the hospitality industry (restaurants and hotels)
These statistics show that PCI-DSS validation and ongoing compliance are no guarantee against suffering a data breach, as the other 11% of victims subject to PCI-DSS were deemed compliant and were still breached. They do demonstrate that adhering to PCI-DSS and doing the basics of data security put the odds of protecting your business in your favor. The fact that 83% of the victims were targets of opportunity rather than specifically targeted also backs this up.
So, were small and medium-sized businesses (especially restaurants and hotels) breached more because they were easier targets? There may be more to it than that. The report made an interesting point:
“Criminals may be making a classic risk vs. reward decision and opting to ‘play it safe’ in light of recent arrests and prosecutions following large scale intrusions into Financial Services firms. Numerous smaller strikes on hotels, restaurants, and retailers represent a lower-risk alternative, and cybercriminals may be taking greater advantage of that option.”
The most important thing business owners of all types and sizes can learn from this year-in-review of data breaches is how to protect themselves moving forward. While the threat landscape continues to evolve, Heartland’s E3™ end-to-end encryption solution remains one of the most effective and cost-efficient ways to ensure your business is protected … and hopefully not one of the incidents used by the Verizon RISK Team in its 2012 Report.






