The VERIS Community compiles information security breaches and incidents based on a standard. It also maintains a database of incidents (VCDB) that is regularly updated by the community.
Caveat: The community was most active in 2012 and 2013, as reflected in the number of incidents reported for those years. Nevertheless, the granularity of the data makes this dataset very useful. Tokern analyzed the dataset with a focus on insider threats and database breaches. The key findings are:
The VCDB database had data on 8352 incidents as of December 13, 2019. Of these, 8031 incidents were for the years 2010 and onwards. Shown below is a histogram of incidents per year:
Most incidents were reported in 2013, which shows the community's waning interest in maintaining the database in subsequent years.
The numbers of incidents caused by external actors and by internal actors (including partners) were almost equal. The pie chart below shows the split:
The top assets compromised in the incidents were
Action describes the method used in the incident. The pie chart below shows the percentage of actions:
This section focuses on incidents in which a database is involved. 14% of incidents involved a database.
In contrast to the complete dataset, internal actors and partners were involved in most of these incidents.
Similarly, the trends with respect to actions are also different. Misuse was the primary reason for these security incidents.
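The filtering and counting behind the database-focused figures above can be reproduced along the following lines. This is an added example, not Tokern's code: the records are constructed, and the field layout (`actor`, `action`, `asset.assets[].variety`, `timeline.incident.year`) and the `S - Database` variety value are assumptions about how VCDB's VERIS JSON records are shaped.

```python
from collections import Counter

def make_record(year, actors, actions, assets):
    return {"timeline": {"incident": {"year": year}},
            "actor": {a: {} for a in actors},
            "action": {a: {} for a in actions},
            "asset": {"assets": [{"variety": v} for v in assets]}}

# Constructed sample data in the assumed VERIS layout, not taken from VCDB.
SAMPLE_INCIDENTS = [
    make_record(2013, ["internal"], ["misuse"], ["S - Database"]),
    make_record(2013, ["external"], ["hacking", "malware"], ["S - Web application"]),
    make_record(2012, ["partner"], ["error"], ["S - Database", "S - File"]),
    make_record(2009, ["external"], ["hacking"], ["S - Database"]),
    make_record(2014, ["internal", "external"], ["misuse"], ["S - Database"]),
    make_record(2015, ["external"], ["physical"], []),
]

def involves_database(incident):
    """True if any listed asset variety names a database."""
    assets = incident.get("asset", {}).get("assets", [])
    return any("database" in a.get("variety", "").lower() for a in assets)

def actor_group(incident):
    """Collapse actors as the post does: internal includes partners."""
    kinds = set(incident.get("actor", {}))
    insider = bool(kinds & {"internal", "partner"})
    if insider and "external" in kinds:
        return "both"
    if insider:
        return "internal"
    return "external" if "external" in kinds else "unknown"

def summarize(incidents, since=2010, database_only=False):
    """Count incidents per year, actor group and action category."""
    years, actors, actions = Counter(), Counter(), Counter()
    for inc in incidents:
        year = inc.get("timeline", {}).get("incident", {}).get("year")
        if year is None or year < since:
            continue
        if database_only and not involves_database(inc):
            continue
        years[year] += 1
        actors[actor_group(inc)] += 1
        actions.update(inc.get("action", {}).keys())  # several actions possible
    return dict(total=sum(years.values()), years=years, actors=actors, actions=actions)

if __name__ == "__main__":
    print(summarize(SAMPLE_INCIDENTS, database_only=True))
```

Because one incident can list several actions or both actor types, the action counts can sum to more than the incident total, and mixed-actor incidents are reported separately as `both`.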
A few other popular data sources on data breaches are:
VCDB is a very granular database that allows drilling down along many dimensions, though it is not perfect. In this report, we studied the factors in database breach-related incidents. Avoiding breaches involves planning for misuse and insider threats. If you find this analysis of use and want to collaborate, get in touch through the chat widget.