Not a Member?  Become One Today!

 
Fighting Data Breach
Verizon data breach report identifies effective ways for HR to fight cyberthreats

By Aliah D. Wright  4/29/2014

 

When it comes to data breaches, “nine basic patterns make up 92 percent of security incidents,” according to the Verizon 2014 Data Breach Investigations Report, released April 23.

Those patterns, experts said, will help organizations fight cyberthreats.

“After analyzing 10 years of data, we realize most organizations cannot keep up with cybercrime—and the bad guys are winning,” said Wade Baker, principal author of the report series. “But by applying big data analytics to security risk management, we can begin to bend the curve and combat cybercrime more effectively and strategically,” he stated in a media release.

“Organizations need to realize no one is immune from a data breach. Compounding this issue is the fact that it is taking longer to identify compromises within an organization—often weeks or months—while penetrating an organization can take minutes or hours,” he said.

Cyber criminals are especially keen on targeting HR data.

“An employee’s employment history, any derogatory or personal information, financial information, or personally identifiable information all have value to someone,” said Eric M. Fiterman, founder of Spotkick, a Washington, D.C.-area cybersecurity company, to HR Magazine in “Keep Cyber Spies Out” (July, 2013).

That’s not all. A stolen medical identity has a street value of $50, while a stolen Social Security number sells for about a dollar, according to Kirk Herath, chief privacy officer at Nationwide Mutual Insurance Co. Yet most people don’t protect their medical information as diligently as they protect their Social Security number.

HR professionals must be vigilant about protecting employee data, experts said.

According to the Verizon report, the nine threat patterns are:

  • Miscellaneous errors such as sending an e-mail to the wrong person.
  • Crimeware (various malware aimed at gaining control of systems).
  • Insider/privilege misuse.
  • Physical theft/loss.
  • Web app attacks.
  • Denial-of-service attacks.
  • Cyber espionage.
  • Point-of-sale intrusions. 
  • Payment card skimmers. 

Verizon began publishing the data breach report in 2007. Researchers this year analyzed more than 1,300 confirmed data breaches and more than 63,000 reported security incidents. For the first time, the report “includes security incidents that don’t result in breaches, in order to gain a better understanding of the cybersecurity landscape,” according to the media release.

Throughout the 10-year range of the study, the number of data breaches has risen from 400 to more than 5,900. Fifty organizations from around the world, including Verizon, contributed data and analysis to this year’s report.

Aliah D. Wright is an online editor/manager for SHRM and author of A Necessary Evil: Managing Employee Activity on Facebook, Twitter, LinkedIn … and the Hundreds of Other Social Media Sites (SHRM, 2013).

Copyright Image Obtain reuse/copying permission