After my 112 Days of Summer article, I of course wanted to check on how many additional breaches were REPORTED and how many records were EXPOSED. I knew it would be bad, like not flossing your teeth regularly and showing up at the dentist knowing what he would say. So I went to the Identity Theft Resource website and clicked on the Summary of 2015 Reported Breaches and there was that damn drill, staring me in the face. I knew the pain would be bad but OUCH!!!
In a previous post back in May, I wanted to write about cyber security breaches and discuss how many would take place over the 100 days of summer. Okay, I got close: the statistics from IDTheftCenter.org span the days between May 19, 2015 and September 8, 2015 (112 days of summer).
The numbers are funny but the data is interesting. Funny because for the vast majority of the Banking / Credit / Financial breaches, the actual number of records breached is unknown, so that drives the total records breached down, way down, as you will see when you open and review the report.
- May 19th – 304 Reported Breaches and 101,858,356 Reported Records Breached
- September 8th – 541 Reported Breaches and 140,092,146 Reported Records Breached
- The difference – 237 additional breaches and 38,233,790 Reported Records Breached
On May 27, 2015 I put my fingers on my keyboard and wanted to write a blog posting about the coming 100 days of summer. I thought about how many reported breaches and reported records would find their way in front of our eyes.
According to the Identity Theft Resource Center, as of May 19, 2015 there were 304 REPORTED breaches with 101,858,356 REPORTED records breached.
Jump ahead to July 28, 2015 – What A Difference 70 Days Makes!
- We have had an additional 146 Reported Breaches in these 70 days
- We have had an additional 33,399,321 Reported Records Breached in these 70 days
- Medical / Healthcare accounted for 78.0 % of the Reported Records Breached
- Government / Military accounted for 20.7 % of the Reported Records Breached
- In total 450 Reported Breaches and 135,257,677 Reported Records Breached
- Nation States, Rogue Individuals, Insiders who have crossed the line, etc.
Individually we are a drop of water, together we are the ocean. None of us have the answer but collectively we do. We must continue to work together to solve this problem.
I recently discussed the growing concerns of cyber security among business owners with Emily Collins of Arizona Business News. The threats of cyber attacks on businesses are growing and business owners need to be prepared. Watch the video clip below to hear my thoughts on what changes to cyber security infrastructure need to happen to make businesses less susceptible to being hacked.
As we approach the upcoming 100 days of summer, I reflect on the 6.734 Million records that were breached in the top 10 breaches during the summer of 2014. Do you think what we have seen so far this year will be any indication?
According to the Identity Theft Resource Center, as of May 19, 2015 there have been 304 REPORTED breaches with 101,858,356 REPORTED records breached. Now as I have stated in previous posts, the number of actual records known is only 46%. Therefore, 55% of the reported breaches indicated that the number of records breached is UNKNOWN. WOW!
Have you ever had to deliver a difficult message to someone? Perhaps it was someone whose performance was not meeting your expectations. Perhaps the message was for a larger group of people, a layoff or relocation of a corporate office. It’s never fun to deliver these types of messages is it? There are reasons why we don’t like to communicate these messages but there are steps you can take to deliver them as delicately as possible.
I was interviewed about this topic for an article by Loraine Kasprzak, featured in this month’s edition of the American Institute of Chemical Engineers monthly magazine. Regardless of the industry or the nature of the message, these useful tips may help you in delivering it.
If you are looking for assistance feel free to reach out to me for more advice.
Risky Business News Flash #35
Someone just hacked into the car I was taking for a test drive and caused me to slam into the police car in front of me – OUCH. I was “with a friend” looking through a dating website when we noticed his profile was completely altered, he was receiving strange calls and strange texts on his cell phone. OOPS. My uncle has a scheduled surgery this week for a new state of the art pacemaker. Will it be a secure device? I wonder what the 12 month warranty states – HMMM. It seems that every single day that we wake up, we see various postings on LinkedIn, read stories about another phishing attack, or receive a threat feed from a partner alerting us to particular events.
Risky Business News Flash #34
Breaches Keep Happening – Is this a new bumper sticker that I saw this past weekend or is it reality? It is the latter, but I am sure we have this as a bumper sticker on the inside of our eyelids; after all, it is the trend.
My question to you, as a security professional, is why do many practitioners continue to perform penetration and network assessments alone, or social engineering assessments in a vacuum, or physical assessments when the spirit moves us? Sophisticated attackers operate at the intersection of these three.
Now is the time. 2015 is the year that we must start to perform assessments as a hacker would, not for the sake of compliance but for the sake of security and the protection of everything that is important to your organization. Now is the time to test your defenses using the same techniques that the bad guys will use to attack.
Risky Business News Flash #33
My friend John, an avid gambler, always said to me “the trend is your friend.” At the tables perhaps, but it’s certainly not what we have experienced in security breaches over the past few years and certainly not what we expect in 2015. The reality for more damaging breaches unfortunately is the trend.
In 2014 we saw the year start with retail attacks and end with a media attack. Is the trend more identities stolen or more intellectual property? Probably both! While credit card numbers and personal identities are worth money to one group of people, brand damage and embarrassment are worth far more to other groups.
On January 21, 2015 a new survey was released by the Ponemon Institute sponsored by Identity Finder titled, “2014: A Year of Mega Breaches.” This report, as all Ponemon reports, is very good. One area I would like to draw your attention to is found on page five of the report (copied below). This suggests that companies are not taking the necessary steps to make sure their information is properly managed, minimizing damage from future data breaches. Let’s remember that we must protect the jewels of the company to help protect what is actually captured during an attack.
After reviewing the SANS IR 2014 Survey, one thing was clearly absent and that is TEAM. I find that the most effective IR teams train as a team not as individuals and then expect to work as a team. I do not suspect that the Pittsburgh Steelers train individually and then come together on game day and expect to win. There is a robust and comprehensive solution to accomplish this, if you want to learn how to have your IR Team train and RESPOND as a team, contact me.