Most data breaches result from lapses in common-sense precautionary measures as opposed to high levels of sophistication on the part of hackers, according to the annual report on data breaches issued this week by Verizon.
The report concluded that in 97 percent of data breach instances, relatively simple methods were employed by hackers to gain access, and 80 percent of the attacks were crimes of opportunity as opposed to campaigns against specifically targeted companies.
“Ninety-seven percent (of breaches) were avoidable, without the need for organizations to resort to difficult or expensive countermeasures,” the report said.
In many cases the breached companies had poor or no password policies, used easy-to-guess or default passwords, left ports open to the web or had no firewalls in place.
Researchers found that while breaching a company’s data infrastructure generally occurred through relatively simple exploits, the hackers demonstrated higher levels of sophistication when actually navigating within that infrastructure and stealing data.
After breaking in, hackers installed malware that enabled them to manipulate permission and access privileges, set up backdoors, remotely control companies’ networks and find and extract sensitive data. Hackers showed adeptness at remaining undetected for extended periods and at exiting while leaving little or no trace.
The report’s conclusions were based on investigation and analysis of more than 850 known data breaches during 2011 and were compiled by Verizon in conjunction with the U.S. Secret Service and law enforcement agencies in the UK, Australia, Ireland and the Netherlands.