Most government data breaches caused by employees, says Verizon study
About 58 percent of cyber security incidents in the public sector were caused by employees, according to this year’s annual Verizon Data Breach Investigations Report. About 34 percent were caused by employee accidents in handling data and about 24 percent by unapproved or malicious data use.
Data handling errors could include emailing documents to the wrong person or forgetting to redact certain parts of a document, for example. They could also include mailing personal information to the wrong person through traditional mail, or not disposing of hard drives properly or shredding sensitive documents, the report says.
One reason employee misuse of data is particularly high compared to the other sectors reviewed in the report could be the public sector’s heavy data breach reporting requirements, Kevin Thompson, Verizon senior analyst and report co-author, told Government Security News.
In the manufacturing and mining industries, cyber espionage was the largest data breach source, accounted for 30 percent and 40 percent of incidents, respectively. For utilities, 38 percent of data breaches were caused by Web application attacks and 31 percent by crimeware. Data loss incidents may be less likely in critical infrastructure as opposed to government, said Thompson, because such organizations tend to work with considerably less personal data.
The report also found that the time between a data breach and its discovery, which has always been lengthy in previous reports, appears to be widening. Many organizations rely on third party organizations or law enforcement to tell them about breaches, said Thompson. Some organizations may want to “put more dollars into detection so they can respond faster.”
Some government agencies may want to use or improve their use of data loss prevention solutions to prevent both data handling errors and attempts to steal information, the report says. Such solutions can identify information such as credit card numbers, social security numbers, and medical billing codes traversing a network. It could also be good to spot check physical mailings to help prevent errors. To fix the misuse of sensitive data, agencies could consider strengthening efforts to review account activity when employees give notice or have been released, and to disable user accounts as soon as employees leave, the report says.
A total of 50 organizations, including Verizon, contributed data and analysis to the report, compared to 19 last year. The report analyzed more than 1,300 confirmed data breaches and more than 63,000 reported security incidents.