F5 Labs researched 433 breach cases spanning 12 years, 37 industries, and 27 countries to discover patterns in the initial attacks that lead to the breach.
We can only know about a small fraction of what’s really going on, as companies often don’t know when they have been breached. There’s always a complicated mix of visibility, logging, monitoring and alerting, and communication that has many opportunities to fail.
F5 also analyzed the primary root causes of the breaches, how that varied in breach remediation costs by industry, and the impact of these breaches on each data type breached on the global scale. The purpose of the analysis was to identify where organizations are most likely to be attacked in a way that will result in a breach so that efforts to mitigate attacks can be appropriately aligned.
These challenges result in only a small fraction of incidents being investigated and an even smaller amount of incidents being reported. That said, F5 think there are still valuable insights to be gained from these cases. Of the reported cases analyzed, 79% of them had breach counts publicized, but only 49% had enough data to determine the initial attack vector, and only 40% a root cause. Finding a root cause can be tough. If you don’t have enough of the visibility and logging controls in place, you may never know how an attacker got in, what they took, and how much. If a company doesn’t know this information for a fact, there are many legal loopholes that excuse them from disclosing the incident at all. In some cases, this information is also held confidential due to law enforcement investigation—which is why F5 also reviewed the detailed court records of recent major breach cases.
Read the full research report and its results at https://www.f5.com/content/dam/f5/downloads/F5_Labs_Lessons_Learned_from_a_Decade_of_Data_Breaches_rev.pdf