The biggest category affecting public organizations is miscellaneous error – defined by the report as, “Incidents where unintentional actions directly compromised a security attribute of an information asset.” (Lost devices are grouped along with theft.)
Within that, “government misdelivery” is a main driver of incidents resulting in exposed data. That’s where non-public information is sent to the wrong recipient. It’s not a very exotic or techno-centric problem, but it remains a primary information security concern.
“The United States federal government is the largest employer in that country, and maintains a massive volume of data on both its employees and constituents, so one can expect a high number of misdelivery incidents,” the report explains.
However, the report notes that the federal government has stringent and public reporting requirements for breaches, and that can give rise to the impression of a higher rate of attacks.
Crimeware is also a problem for the public sector, defined in the report as “Any malware incident that did not fit other patterns like espionage or point-of-sale attacks.”
Most often these are infections perpetrated by organized crime, typically with a financial motive. According to the report, the Zeus crimeware toolkit and its child, Citadel, remain favorites of thieves.
Report: http://www.verizonenterprise.com/DBIR/