A special supply chain case are law firms, which are also becoming popular hacker targets. "Law firms are involved in all sorts of extremely sensitive matters and collecting sensitive information through legal discovery," Novak said.
"That information is sitting in the law firms or third-party repositories that they use, so they become a target -rich environment for hackers," he said.
As is common in many data breaches, QinetiQ was told its systems had been compromised by a third-party. In December 2007, a Naval Criminal Investigative Service (NCIS) agent informed the company's small security team that two of its employees were losing confidential data from their laptops.
"A majority of data breaches are being detected by third parties and not from within," George said. "That shows the challenges that organizations are dealing with."
He added that it also contributes to the long time it takes to mitigate a data breach: 283 days.
Sign up for CIO Asia eNewsletters.