5 Key Takeaways from Verizon Data Breach Report

Physical loss of assets accounted for 8% of data breaches in the recent study

The best takeaway from the Verizon Data Breach Reports: when it comes to preventing physical theft and loss, people can be careless.

careless-employee-data-breach.jpg
 

Photo: Physical Theft & Loss. Photo from Verzion DBIR 2017

Bottom-Line:

"You can't keep people from leaving their laptops in cars or their tablets on the train. Misplacement is more common than theft."

Here are 5 more takeaways:

  1. Healthcare industry's top 3 patterns that represent 80% of its data breaches:

    • Privilege Misuse
    • Miscellaneous Errors
    • Physical Theft and Loss
  2. Healthcare and Public industries were at the top for physical theft and loss, incidents where an information asset went missing, whether through misplacement or malice.
  3. Employees and other internal operators are responsible for 25% of data breaches
  4. Overall, 8% of data breaches were due to physical actions
  5. 73% of breaches were financially motivated

How do we reduce the impact of physical theft or loss of electronic assets?

It starts with encryption. Implementing full disk encryption with BitLocker and FileVault which are native to Windows and Mac respectively, will significantly reduce confirmed breach of the equipment. 

There are incidents where unused or old electronic devices are stolen from rooms full of out of service IT equipment. Properly destroying data on IT equipment can help eliminate data breaches. This may be conducted by:

  • wiping the data via software
  • destroying all magnetized information on electronics via degausser
  • physical destruction of internal hard drives by hard drive shredding
  • or finally, in the most extreme cases, reducing equipment to ash via incineration

Hammering home data-handling policies and monitor for inappropriate data transfers can also help prevent data breaches.

View the full report, here.


Do you have policies and procedures in place for handling data residing on IT equipment that has reached the end of it's life cycle?

e-End is an expert in keeping companies compliant with securing and sanitizing end of life data and preventing costly data breaches.  Contact us...