A study by US telco Verizon has found that nine basic "patterns" make up 92% of Internet security threats.
Furthermore, almost three-quarters of threats (72%) in any given industry are made up of three basic patterns. The study analyzed 100,000 security incidents that took place over the past 10 years.
The 2014 Data Breach Investigations Report identifies the nine main threat types to businesses as user errors (such as sending an email to the wrong person), malware aimed at gaining control of systems, insider / privilege misuse, physical theft / loss, Web app attacks, denial of service attacks, cyber-espionage, point-of-sale intrusions and payment card skimming.
The report found that the use of stolen or misused credentials is the top way to gain access to information and that two-thirds of breaches exploit weak or stolen passwords. It also found that distributed denial of service attacks (DDoS) have grown stronger year-over-year for the past three years.
Wade Baker, principal author of the Data Breach Investigations Report series, stressed that the report showed no organization is immune from a data breach and that the increasing difficulty in identifying attacks is compounding the issue.
"After analyzing 10 years of data, we realize most organizations cannot keep up with cybercrime - and the bad guys are winning," said Baker. "But by applying big data analytics to security risk management, we can begin to bend the curve and combat cyber-crime more effectively and strategically."