by Doug Pollack

Verizon Business Security Solutions recently released a study titled “2008 Data Breach Investigations Report” that looks at the causes of data breaches and prescribes recommendations for improving data security policies that can lead to data breaches.

An article in CNET related to this study, “Reports examine causes and victims of data breaches“, notes that a key conclusion of the report is that “9 out of 10 corporate data breaches could have been prevented, had appropriate security measures been taken”.

Dr. Peter Tippett, vice president of research and intelligence for Verizon Business Security Solutions says of this report that  “it can help companies better understand data breaches – how they occur and the commonalities that exist. Most importantly, it urges organizations to be proactive in their approach to security — the absolute key to safeguarding data.”

Two key recommendation from the report follow:

• Align process with policy. In 59 percent of data breaches, the organization had security policies and procedures established for the system, but these measures were never implemented. Implement, implement, implement.
• Create an incident response plan. If and when a breach is suspected, the organization must be ready to respond, not only to stop the data compromise but to collect evidence that enables the business to pursue prosecution when necessary.

It is wonderful to see research on the topic of data breaches that outlines recommendations that can help companies avoid data breaches, while being better prepared to deal with them when they unavoidably occur.