Data Security Incidents Analysis

Rajat Venkatesh
Tokernhq
Published in
3 min readDec 21, 2019

Veris Community compiles information security breaches and incidents based on a standard. They also maintain database of incidents — VCDB regularly updated by the community.

Caveat: The community was most active in 2012 and 2013. This is reflected in the dataset as well with the most of number of incidents reported in 2012 and 2013. Nevertheless the dataset is useful because of the granularity of the data.

Tokern analyzed the dataset with a focus on insider threats and database breaches. The key findings are:

  • 47% of incidents were due to internal actors.
  • 14% of incidents involved a database system

Among incidents involving a database system:

  • 60% of incidents involved internal actors.
  • 70% of incidents were due to misuse, error or social

Overview of the dataset

The VCDB database as of Dec 13 2019, had data on 8352 incidents. Of these 8031 incidents were for years 2010 and onwards.

A histogram of incidents per year is shown below:

As mentioned in the introduction, the fact that the most incidents were reported 2013 is reflection of the interest waning in the community to maintain the database.

Actors

The incidents were almost equally caused by external and internal (including partners) actors. The pie chart below shows the split.

Assets

The top assets compromised in the incidents were

  • personal devices including laptop and mobiles
  • documents
  • web applications
  • databases

Actions

Action describes the method used in the incident. The pie chart below shows the percentage of actions.

Database Incidents

This section focuses on incidents in which a database is involved. 14% of incidents involved a database.

Actors

Contrary to the complete dataset, internal actors and partners were involved in majority of the incidents.

Actions

Similarly the trend w.r.t actions is also different. misuse was the primary reason for the security incident.

Other Data Sources

A few other popular data sources on data breaches are:

Conclusion

VCDB is a very granular database with the ability to drill down along many dimensions though it is not perfect. In this report, we studied the important factors in database breach related incidents. To avoid database breaches, it is important to plan for misuse and insider threats.

There are other data sets which are complete in other dimensions. If you find this analysis and want to collaborate, get in touch through the contact form below.

Originally published at https://tokern.io.

--

--