Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

2015 Verizon Data Breach Investigations Report: More End Users as Threats

April 15, 2015

  • Blog
  • Archive
Spring has sprung! Temperatures are finally headed in the right direction! It must be data breach report season again! Verizon released its annual investigations report yesterday full of insights from 2014 security incidents and associated data breaches. This year’s version offered a new model to calculate data breach costs (which will make reading the next Ponemon report all the more interesting), emphasized the importance of threat intelligence sharing, and offered new insights around before and beyond the breach, in addition to showcasing its nine incident classification patterns. As always, it was an informative and at times entertaining view into information security; although with few “wow” moments in this year’s edition. I’ll dispense with a full review of the report; there are plenty of great reviews out there, like this one from searchsecurity.com. Instead, I want to talk about a few topics that stood out to me. Breaches are increasing The number of confirmed data breaches increased 55% vs. last year to 2,122. These numbers are a subset of overall security incidents, which increased 26% vs. last year to 79,790. (There were quite a few more data inputs and partners involved in the year’s study.) Breaches resulting from insider misuse are increasing This year’s data shows that 10.6% of confirmed data breaches resulted from insider misuse, up from 8% in 2013. The percentage of incidents that came from insider misuse was 20.6% up from 18% in 2013. Breaches involving the end user are increasing, yet sys admins decreasing This year’s report shows that more incidents involved the end user than ever before. Take a look at a comparison of the data vs. the 2013 data (published in spring 2014). Source: Verizon Data Breach Investigations Reports, 2015 and 2014. Picture1A whopping 37.6% of insider abuse incidents involved the end user in 2014, up from 17% last year. On the upside, however, only 1.6% of incidents were attributed to system administrators this year, down from 6% last year. What to make of the data While breaches – especially those from insider misuse – are increasing year over year, all of the tools, process and technology put in place to control and manage administrator access to systems and data might actually be delivering on their intended purposes. But this focus has come at a cost – end users are increasingly emerging as a greater insider threat. Organizations must tackle this challenge immediately. But how? Achieving control and accountability over privileged user activity Seeing this year’s Verizon data doesn’t come as much of a surprise. After all, we did a study recently indicating that more than a fourth of companies have no controls over privileged access. How do you strike the balance between securing the organization’s critical data and systems while still enabling end user productivity? 1. Assemble cross-functional teams, avoiding a siloed view of privilege. 2. Deploy policies for controls and enforcement. 3. Prioritize implementation by the consequences of a breach. 4. Start with removing end-user privileges. 5. Address the risk of privileged password misuse. Look for a comprehensive privileged account management solution that delivers on every privileged account management scenario, minimizes total cost of ownership, provides a fast time to value, and that provides information to make good risk-based decisions beyond just the privilege silo. If you would like to learn more about BeyondTrust’s approach to privileged account management or get tips on how to get started with your privileged account management project, read this brief white paper or contact us today.

Scott Lang

Sr. Director, Product Marketing at BeyondTrust

Scott Lang has nearly 20 years of experience in technology product marketing, currently guiding the product marketing strategy for BeyondTrust’s privileged account management solutions and vulnerability management solutions. Prior to joining BeyondTrust, Scott was director of security solution marketing at Dell, formerly Quest Software, where he was responsible for global security campaigns, product marketing for identity and access management and Windows server management.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Webcasts | February 09, 2021

Customer Webinar: Remote Support 21.1 Released!

Webcasts | February 24, 2021

Your PAM 2021 Blueprint: Securing Privileged Accounts for On-Premises and Cloud Assets

Whitepapers

Evolving Privileged Identity Management (PIM) In The 'Next Normal'

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.