I EV SSL Certs l
Messaging Ecosystem Security
2013 DATA PROTECTION & BREACH READINESS PLANNING GUIDE
2013 Plan Download
Online Trust Alliance (OTA) takes the threat of security breaches very
serious and is committed to educating businesses about the imminent threat
of a data breach.
The goal of the
Protection & Breach Readiness Guide is to provide prescribed
guidelines that help businesses proactively develop a plan to minimize data
collection, enhance data protection and to create a customer-centric
incident response plan. By
planning, businesses of all sizes can minimize their risks, costs and the
impact of a breach on customers, investors, and brands
A data breach,
intentional or unintentional release of secure information to an untrusted
devastating consequences on the brand value of a business and a significant
financial impact and loss of customers.
In 2012, 2,644 breaches were reported
worldwide increasing over 117% from 2011, exposing over 267 million records.(1) The
largest reported breaches included Zappos and Global Payments, with 26
million and 7 million records exposed respectively.
The direct and indirect costs can be staggering.
a credit card processer reported direct costs of
nearly $94 million in addition to the reputational and business harm
surprisingly, criminals are becoming more sophisticated and organized as
they target more robust databases with a plethora of personal information
gathered by health, financial, education, government and ecommerce
providers. Verizon’s 2012 data
breach report showed that 94% of all their data breaches occurred because of
direct attacks on their server infrastructure.(4)
These criminals steal strategic and highly sensitive information that
compromises national security, public and private technology infrastructures
worldwide. Add to this the growing usage of mobile devices and the overall
risk landscape is growing exponentially.
company size, employees continue to be a potential threat to companies and
consumers when they bring their personal devices to work.
This trend known as “Bring Your Own Device” (BYOD), is introducing a
complex set of technical and operational policies for all organizations.
Whether intentionally or unintentionally, employees can put an
organization at risk by passing malware and viruses on to company platforms,
or by downloading valuable company information.
In 2012, 43% of breaches
targeted non-business organizations.
While breaches and data loss incidents are typically focused on
external threats, 26% were a result of internal losses and 4% were unknown.
Executive support for making data privacy part of the
business culture, and for building, testing, and maintaining a DIP, is
critical for ensuring that a business is prepared before a breach occurs.
It is also important for executives to acknowledge the need for businesses
to work to ensure that their customers have clear, conspicuous, and readable
notices which can be easily understood by the target audience of the product
or service. Additionally, consumers must have the ability to permanently
opt-out of all collection of their personal data and be provided notice on
the use and sharing of any such data after it has been collected.
OTA encourages all businesses, non-profits and government
organizations to make a renewed commitment to data protection and privacy.
Being prepared for a breach is good for your business, your brand and most
importantly your customers.
Open Security Foundation / DataLossDB.org
Revised March 15, 2013