Retail (31%), Financial services (30%), Food and Beverages (14%), then Manufacturing (6%) industries represent the most breaches—involving: 285 Million records compromised in 90 confirmed breaches, 74% from external sources (37,000 records/breach) yet highest median still caused by insiders make up of end-users and IT Admins equally (100,000 records/breach) and Partners (27,000/breach), 91% via organized criminal groups, topped by significant errors resulting in 67% of the breaches while 64% from hacking, third party discovered 69% of the breaches, 81% of the victims were not PCI compliant, and 20% of the cases involved more than one breach. In addition, 13% of breached organizations involved merger and acquisitionscompanies, and breaches by sourced IPs are from East Europe at 22%, East Asia at 18%, and 15% at North America. And, what I found equally interesting is the attach pathways result from Remote Access and Management then Web Application of 22% and 21%, respectively; yet 27% vs. 79% of records are breached.
How about those stats from Verizon--based on (some 500) cases they have been involved with…so how much of the stats/distribution would change based on all breaches reported and tracked by others.
With those stats in mind, simply don’t retain the data, right. When that ideal scenario isn’t possible then retain only what is absolutely required, then protect the keys of the kingdom to no end. Secure credentials, validate all input along with a SDLC process (for XSS and SQL injection, for example), and eliminate errors in coding as well as ACLs. And remember while hackers/crackers are getting more sophisticated, the attack difficulty still remain relatively low (so they just know when to hit ya); but when attacked, the sophisticated/more complex attack result in more damage.
And, a read on some of the notable legal cases, turn to this link:
http://www.lawyersandsettlements.com/search.html?keywords=security+breach
No comments:
Post a Comment