Verizon: Fear lazy IT staff not smartphone security

By Chris Davies/April 15, 2015 2:14 pm EST

Many of the companies and organizations you trust your personal data to are storing it on unpatched and unprotected servers, Verizon has concluded, with carelessness a key contributor to data breaches. In fact, laziness in applying long-released security patches remains a primary weakness, the company's 2015 report discovered. However while mobile security has become a key talking point by Apple, Google, and others, each pitching their platform as the safest for users, the stats suggest the risk there is "negligible," in fact.

Listen to the NSA, the White House, and security advisors, and you'd be forgiven for assuming that the primary peril companies face in keeping data secure is teams of state-supported rogue hackers in the Middle East or China. Turns out, Verizon's 2015 Data Breach Investigations Report concludes, that though cyberespionage is a contributing factor, companies aren't doing themselves any favors with the basics.

In fact, many of the vulnerabilities utilized in the almost 80,000 incidents analyzed for the report could be traced back to 2007.

According to Verizon, "many existing vulnerabilities remain open, primarily because security patches that have long been available were never implemented."

That lackadaisical attitude to security means there are just nine common threat patterns which, together, account for 96-percent of all the incidents. They include simple user error such as sending an email to the wrong recipient, insiders using the access for nefarious purposes, and physical theft or loss of computer hardware.

Denial-of-Service (DoS) attacks, targeted malware, and web app attacks also contributed, while point-of-sale and card skimmers were also involved in many cases.

Ironically, for all the attention placed on smartphone and tablet security – both Apple and Google execs have called out their rivals for apparently lacking in protection for users – Verizon's data crunching suggests you're probably pretty safe no matter what device you use.

"The overall number of exploited security vulnerabilities across all mobile platforms is negligible," the company concludes.

Far more dangerous is the "detection deficit" between when a breach is successful and when the victim actually discovers it has taken place. More than a quarter of incidents saw such deficits extending as long as months.

The advice is to use two-factor authentication where available, keep systems up to date, and encrypt if at all possible. Of course, as a user it's difficult to know exactly what the services you're relying upon are doing to bolster their digital defenses, but increased attention on the risks involved could force greater transparency and make data safety as high-profile as service features themselves.

SOURCE Verizon