An Analysis of Data Security Incidents
Rajat Venkatesh — 1/3/2020 — 1 Min Read
Veris Community compiles information security breaches and incidents based on a standard. They also maintain a database of incidents - VCDB - regularly updated by the community.
Caveat: The community was most active in 2012 and 2013, reflected by the number of incidents reported between those years. Nevertheless, the granularity of the data makes this dataset very useful. Tokern analyzed the dataset with a focus on insider threats and database breaches. The key findings are:
- 47% of incidents were due to internal actors.
- 14% of incidents involved a database system
- Among incidents involving a database system:
- 60% of incidents involved internal actors.
- 70% of incidents were due to misuse, error, or social
Overview of the dataset
The VCDB database had data on 8352 incidents as of December 13, 2019. Of these, 8031 incidents were for the years 2010 and onwards. Shown below is a histogram of incidents per year:
The reporting of most incidents in 2013 shows the waning interest in the community for its maintenance in subsequent years.
Actors
The numbers caused by external and internal actors (including partners) were almost equal. The pie chart below shows the split:
Assets
The top assets compromised in the incidents were
- personal devices, including laptops and mobiles
- documents
- web applications
- databases
Actions
Action describes the method used in the incident. The pie chart below shows the percentage of actions:
Database Incidents
This section focuses on incidents in which a database is involved. 14% of incidents involved a database.
Actors
Contrary to the complete dataset, internal actors and partners were involved in most incidents.
Actions
Similarly, the trends with respect to actions are also different. Misuse was the primary reason for the security incident.
Other Data Sources
A few other popular data sources on data breaches are:
Conclusion
VCDB is a very granular database with the ability to drill down along many dimensions though it is not perfect. In this report, we studied the factors in database breach-related incidents. Avoiding breaches involves planning for misuse and insider threats. If you find this analysis of use and want to collaborate, get in touch through the chat widget.
Similar Posts
Open-Source SQL Parsers
Rajat Venkatesh — 10/1/2021 - 3 Min Read
Parsing SQL queries provide superpowers for monitoring data health. This post elaborates on how to get started with parsing SQL for data observability.
Why do we need Data Governance? What are its Challenges?
Rajat Venkatesh — 7/10/2020 - 1 Min Read
The first step is to understand what data governance is. Data Governance is an overloaded term and means different things to different people. It has been helpful to define Data Governance based on the outcomes it is supposed to deliver.
Use ProxySQL as a Database Auditor for secure access to MySQL
Rajat Venkatesh — 1/3/2020 - 2 Min Read
ProxySQL can be used as a reverse proxy to audit, log and centralize access management to MySQL on AWS RDS, Aurora and Google Cloud SQL.
Get in touch for bespoke support for PII Catcher
We can help discover, manage and secure sensitive data in your data warehouse.