
In a world where data is everywhere, it has become harder than ever for healthcare organisations to protect confidential information. In fact, more electronic records were breached in 2008 than in the previous four years combined.[1] Automation of electronic medical records, clinical systems and medical imaging poses increasing challenges to safeguarding the privacy of patient data and securing the IT infrastructure housing an organisation’s most sensitive information.
While the continuing onslaught of data breaches is well-documented, what is far less understood is why data breaches happen and what can be done to prevent them. In order to get ahead of the data breach challenge, it is essential to understand why they occur. Third-party research into the root causes of data breaches, including data from the Verizon Business Risk Team[2] and the Open Security Foundation,[3] reveals three main types: well-meaning insiders, targeted attacks and malicious insiders. For example, targeted attacks are often enabled inadvertently by well-meaning insiders when an insider's failure to comply with security policies leads to a breach.[4]
Well-Meaning Insiders. Company employees who inadvertently violate data security policies continue to represent a major factor in the occurrence of data breaches. According to the Verizon report, 67% of breaches in 2008 were aided by "significant errors" on the part of well-meaning insiders.[5] In a 2008 survey of 43 organisations that had experienced a data breach, the Ponemon Institute found that over 88% of all cases involved incidents resulting from negligence.[6]
Targeted Attacks. In today's connected world, where data is everywhere and the perimeter can be anywhere, protecting information assets from sophisticated hacking techniques is an extremely difficult challenge. Driven by the rising tide of organized cyber-crime, targeted attacks are increasingly aimed at stealing information for the purpose of identity theft. More than 90 percent of records breached in 2008 involved groups identified by law enforcement as organized crime.[7] Such attacks are often automated using malicious code that can penetrate into an organisation undetected and export data to hacker sites. In 2008, Symantec created more than 1.6 million new malicious code signatures, more than in the last 17 years combined, and blocked an average of more than 245 million attempted malicious code attacks worldwide every month.[8]
The Malicious Insider. Malicious insiders constitute a growing segment of breach drivers, and a proportionately greater portion of the cost to business of data breaches. The Ponemon study found that data breaches involving negligence cost $199 per record while those caused by malicious acts cost $225 per record.[9]
With the regularity of data breaches making headlines almost daily, it might seem reasonable to regard data breaches as an inevitable by-product of our connected world, a cost of doing business that we must simply learn to live with. A closer view of the facts, however, suggests that this is not necessarily the case. Symantec's security expertise, global intelligence network and real-world experience with customers combine to inform a more confident perspective. By following a risk-based and content-aware information security strategy that incorporates multiple solutions working together in concert, data breaches are preventable.
How to stop breaches
Here are six steps that any organisation can take to significantly reduce the risk of a data breach using proven solutions:
How to get started
The first step in creating a prevention and response plan is to identify the types of confidential data your organization needs to protect and use that information to measure your risk of exposure. Once you are able to define and prioritize your data risk levels, the next step is to engage stakeholders and form a project team (which should include IT security, compliance, and business data owners) that can evaluate solutions and recommend actions.
For many organizations, the process begins with a data breach workshop. The Symantec Data Breach Workshop helps organizations quickly identify their confidential information and accurately identify and quantify their risk of a data breach. In a typical engagement, you will be able to quantify your risk of data loss and prioritize your risk by data types, systems, and groups in order to create a data breach prevention and response plan. The resulting Symantec Data Loss Risk Assessment Report identifies top security violations by data type and policy; benchmarks your overall risk profile compared to industry averages; and recommends appropriate business processes, policies, and awareness programs designed to reduce risk. To schedule a Symantec Data Breach Workshop, contact Symantec at go.symantec.com/one-breach.
Why Symantec?
Symantec is the world leader in security with by far the largest global presence of any security software company. We protect more systems, companies, and communities than anyone. Symantec delivers the highest-rated products and services, and more of them. We also offer the deepest security expertise and the most comprehensive global intelligence. For organizations that need to protect their vital information, respond to threats, demonstrate compliance, and manage security efficiently, Symantec is the proven leader.
To view a full copy of the Anatomy of a Data Breach whitepaper, contact Symantec at http://go.symantec.com/one-breach.
References:
[1] Verizon Business Risk Team, 2009 Data Breach Investigations Report
[2] Ibid.
[3] datalossdb.org
[4] Verizon Business Risk Team, op. cit.
[5] Ibid.
[6] Ponemon Institute, 2008 Annual Study: Cost of a Data Breach, February 2009
[7] Ibid.
[8] Symantec Internet Security Threat Report XIV
[9] Ponemon Institute, op. cit.