As society and business become increasingly reliant on data, the threat landscape continues to expand exponentially. Online services introduce stronger and more innovative defenses against cybersecurity threats with each passing year. Unfortunately, cybercriminals simultaneously create new techniques and deceptive tactics that outpace such efforts. The result underscores the need for businesses to make security and data protection a priority, and to be prepared for a breach incident.
The 2014 Data Protection & Breach Readiness Guide (Guide) is designed to help businesses, app developers and service providers understand the issues, considerations and solutions that will enhance their data protection practices and enable them to develop readiness plans in the event they incur a data loss incident.
Breaches and data loss incidents have become a fact of life for organizations of every size and throughout the public and private sectors. There is no perfect defense from a determined cybercriminal, but the best practices advocated by OTA and outlined in this paper can reduce a company’s attack surface and vulnerabilities.
Since OTA’s first report in 2009, we have learned that no organization is immune from the loss of confidential and sensitive data. As larger quantities of diversified data are amassed on a range of devices and third-party service providers are increasingly relied upon, every business must be prepared for the inevitable loss. 2013 culminated with Target’s breach, which is estimated to impact upwards of 110 million credit and debit card accounts. This incident was a “perfect storm”, highlighting how breaches can occur at the worst time, catching a business off guard, paralyzing management and creating consumer remorse. Victims include not only the consumer, but also the business breached and the banks whose credit and debit cards have been compromised.
2014 Breach Report Highlights:*
- 89% of breaches and data loss incidents could have been prevented
- 740 million records disclosed
- 31% of incidents were due to insider threats or mistakes
- 21% of the incidents were the result of physical loss (PC, drive, notebooks, paper documents, etc.)
- 40% of the top breaches recorded to-date occurred in 2013
- 76% of breaches were the result of weak or stolen account credentials
- 29% of compromises were via social engineering
* Data Sources: OTA analysis utilizing data provided by the Open Security Foundation, Risk Based Security, Symantec and the Privacy Rights Clearinghouse