Why You Should Pay Attention to Data Breaches.
Safenet, a large data security company based in Belcamp, MD, recently released a report at the RSA Conference. The RSA conference is sponsored by RSA the Security Division of EMC, which is based in Hopkinton MA. The report titled: “Data Breach Level Index” contains some very interesting statistics about data breaches. Here is a summary:
2013 Data Breach Highlights from the Breach Level Index website: The site estimates that 1,576,555 data records are lost or stolen every day.
Breach by Type (sorted by percentage of data breaches):
* Malicious outsiders: 57percent of data breaches
* Accidental loss: 27percent of data breaches
* Malicious insiders: 13 percent of data breaches
* Hacktivists: 2 percent of data breaches
* State-sponsored activity:<1 percent of data breaches
Breach By Industry (sorted by percentage of data breaches):
* Healthcare accounted for31 percent of data breaches but only 2 percent of data records lost or stolen. The average healthcare breach lost 49,000 records.
* Government breaches made up 17 percent of data breaches in the report they also account for approximately 10 percent of data records lost or stolen. The government data breach averaged a loss of 630,000records.
* Financial institutions made up approximately 15 percent of data breaches. Yet the financial sector accounted for only 1 percent of data records lost or stolen. The average number of records lost in a financial institution breach: 112,000.
* The Technology industry is not immune to data breaches. Technology companies were hit for 11 percent of breaches and 43percent of the records lost or stolen. The average number of records stolen, however, reaches a staggering 5.7 million per breach.
* Retailers, even after the Target Breach in late 2013, only accounted for about 8 percent of the data breaches. However, retailers were responsible for 29 percent of the data records lost or stolen. The reason? The average number of records lost ina retail data breach: 6.6 million
* “Other industries” in the study, account for 23 percent of breaches and 13 percent of data records lost or stolen. The “other industries” group were responsible for an average 619,000 records lost in each breach.
In a press release dated February 18, 2014 Prakash Panjwani, Senior Vice President and General Manager, Data Protection, SafeNet reported: "Not all breaches are created or should be treated alike. The Breach Level Index helps us track and differentiate between an insecure breach, in which customer data is compromised and lost, and a secure breach, where data is stolen but cannot be deciphered by cyber criminals because it is encrypted, rendering it useless to them."
Evidence Solutions, Inc. highly recommends your data be encrypted. Strong encryption, authentication and key management solutions can render breached data unusable. Some data breach laws reduce or eliminate the need for reporting if the stolen data is encrypted. Unfortunately it is estimated that less than 5% of data breached is encrypted.
For over 30 years, Scott Greene of Evidence Solutions, Inc. has been helping companies meet the challenges of the swiftly evolving computer technology industry. Scott went to work for IBM. Scott studied Systems Engineering at the University of Arizona. He has since earned certifications in many products and programming languages.
The Evidence Solutions team analyzes data from Computers, Cell Phones, Black Boxes, Dispatch Systems, Medical Records, Email systems and more. Scott then explains the digital evidence in plain English.
Scott’s extensive knowledge draws clients to him from all over the United States as well as Internationally for consulting, Forensics and expert witness services. His extensive and diverse experience allows him to be an expert in many facets of digital and electronic evidence. Scott, a sought after speaker and educator, travels throughout the country sharing his knowledge and presenting to local, regional, national and International organizations.
Copyright Evidence Solutions, Inc.
Disclaimer: While every effort has been made to ensure the accuracy of this publication, it is not intended to provide legal advice as individual situations will differ and should be discussed with an expert and/or lawyer.For specific technical or legal advice on the information provided and related topics, please contact the author.