Thanks to the work of the 7Safe security breach investigation team, a report produced in conjunction with the University of Bedfordshire, and supported by SOCA (Serious & Organised Crime Agency) and the Metropolitan Police Service, has been released.
UK Security Breach Investigations Report 2010
The UK Security Breach Investigations Report 2010 is an analysis of data compromise cases over an 18-month period. Some of the statistics that come out of the analysis are:
- 69% of organisations suffering breaches were retailers.
- The majority of organisations (66%) were small companies employing fewer than 100 people.
- In 85% of cases, payment card data (e.g. credit and debit card numbers) was compromised.
- Where payment cards were at risk, the most common number at risk was between 20,000 and 50,000.
- 80% of attacks on data came from sources external to the organisation, and 18% came from business partners.
- SQL injection was found to be by far the most common factor across all data breaches.
- 86% of compromises came from attacks on applications, with just 14% on the IT infrastructure.
- The country from which most attacks appeared to originate was Vietnam (36%), followed by the USA (29%) and the UK herself (13%).
- All organisations that had payment card data compromised were not fully PCI DSS compliant at the time of compromise. Further, of the 12 PCI Data Security Standards, the most requirements that any of the organisations complied with was 6.
You can download the UK Security Breach Investigations Report 2010 from www.7safe.com/breach_report. It’s free.