3. June 2013 15:59
Verizon recently released its 2013 Data Breach Investigations Report (DBIR), the most comprehensive, longest-running and well-respected report of its kind. In that report, Verizon researchers reiterate what Identity Finder’s research has shown for years: Data-at-Rest breaches account for the majority of the risk, but the minority of the attention:
Two-thirds of breaches involved data stored or “at rest” on assets like databases and file servers. The other one-third was being processed when compromised. (DBIR, p. 47)
Fortunately, of the 10 most targeted asset types world-wide (e.g. Desktops, servers), Identity Finder will protect at least 7, including Databases, Desktops, Laptops, File servers, Mail servers, and web servers. (DBIR, p. 22)
Verizon researchers were also able to identify the types of data that were most desired and most compromised. These included payment data, log-in credentials, trade secrets, personal information, bank account numbers, classified data, medical information, and copyrighted information. Of the top 10 most compromised data types world-wide, Identity Finder will find and secure at least 8 in any file format, on just about any device with a hard drive. (DBIR, p. 22, 46)
Verizon’s report also confirmed that most breaches target storage devices rather than people, since servers, laptops, and other devices contain large amounts of PII and proprietary data at rest. Of all studied breaches,
71% targeted user devices, [and] 54% compromised servers. (DBIR, p. 6, 42)
Regularly scan and clean these devices so you know your risk level, and can lock down devices with a large amount of sensitive information. In fact, Verizon’s first recommendation in the report relates to the importance of data discovery, data minimization, and regular scanning. (DBIR, p. 7) Identity Finder is the industry leader for all of these activities. In addition, DLP software is part of Verizon’s “20 Critical Security Controls” which all organizations should do at a minimum. (DBIR, p. 57)
Identity Finder can help solve one of the industry’s most persistent problems—of all studied breaches, “69% [were] discovered by external parties, [and] 69% took months or more to discover” (DBIR, p. 6, 51). Customers who run Identity Finder on all of their devices become aware of leaks long before they become breaches. Because it often takes so long to discover a breach, it is important to run Identity Finder repeatedly over several months to minimize risk.
…we must accept the fact that no barrier is impenetrable… (DBIR, p. 52)
Network intrusions will occur; minimize your risk by decreasing the size of your data target with Identity Finder.