After my 112 Days of Summer article, I of course wanted to check on how many additional breaches were REPORTED and how many records were EXPOSED. I knew it would be bad, like not flossing your teeth regularly and showing up at the dentist knowing what he would say. So I went to the Identify Theft Resource website and clicked on the Summary of 2015 Reported Breaches and there was that damn drill, staring me in the face. I knew the pain would be bad but OUCH!!!
In a previous post back in May, I wanted to write about cyber security breaches and discuss how many would take place over the 100 days of summer. Okay I got close, the statistics from ID TheftCenter.org spans the days between May 19, 2015 and September 8, 2015 (112 days of summer).
The numbers are funny but the data is interesting. Funny because for the vast majority of the Banking / Credit / Financial breaches, the actual number of records breached are unknown, so that drives the total records breached down, way down, as you will see when you open and review the report.
- May 19th – 304 Reported Breaches and 101,858,356 Reported Records Breached
- September 8th – 541 Reported Breaches and 140,092,146 Reported Records Breached
- The difference – 237 additional breaches and 38,233,790 Reported Records Breached [Read more…]
On May 27, 2015 I put my fingers on my keyboard and wanted to write a blog posting about the coming 100 days of summer. I thought about how many reported breaches and reported records would find their way in front of our eyes.
According to the Identity Theft Resource Center, as of May 19, 2015 there were 304 REPORTED breaches with 101,858,356 REPORTED records breached.
Jump ahead to July 28, 2015 – What A Difference 70 Days Makes!
- We have had an additional 146 Reported Breaches in these 70 days
- We have had an additional 33, 399,321 Reported Records Breached in these 70 days
- Medical / Healthcare accounted for 78.0 % of the Reported Records Breached
- Government / Military accounted for 20.7 % of the Reported Records Breached
- In total 450 Reported Breaches and 135,257,677 Reported Records Breached
- Nation States, Rogue Individuals, Insiders who have crossed the line, etc.
Individually we are a drop of water, together we are the ocean. None of us have the answer but collectively we do. We must continue to work together to solve this problem.
Risky Business News Flash #33
My friend John, an avid gambler, always said to me “the trend is your friend.” At the tables perhaps, but it’s certainly not what we have experienced in security breaches over the past few years and certainly not what we expect in 2015. The reality for more damaging breaches unfortunately is the trend.
In 2014 we saw the year start with retail attacks and end with a media attack. Is the trend more identities stolen or more intellectual property? Probably both! While credit card numbers and personal identities are worth money to one group of people, brand damage and embarrassment is worth far more to other groups.
On January 21, 2015 a new survey was released by the Ponemon Institute sponsored by Identity Finder titled, “2014: A Year of Mega Breaches.” This report, as all Ponemon reports, is very good. One area I would like to draw your attention to is found on page five of the report (copied below). This suggests that companies are not taking the necessary steps to make sure their information is properly managed, minimizing damage from future data breaches. Let’s remember that we must protect the jewels of the company to help protect what is actually captured during an attack. [Read more…]
After reviewing the SANS IR 2014 Survey, one thing was clearly absent and that is TEAM. I find that the most effective IR teams train as a team not as individuals and then expect to work as a team. I do not suspect that the Pittsburgh Steelers train individually and then come together on game day and expect to win. There is a robust and comprehensive solution to accomplish this, if you want to learn how to have your IR Team train and RESPOND as a team, contact me.
OMG!!! Through Nov 3, 2014 there have been a 644 REPORTED breaches that equates to 78,161,407 records exposed. You need to understand that almost half of these reported breaches DO NOT KNOW the number of records exposed so the damage is far greater. This is a comprehensive document with summaries and full details. I encourage you to continue to use this reference as you see fit for your overall security program.