Is security at the top of your organization’s priority list? If not, it should be. The disturbing trends of data breaches and security lapses continue into 2014, as the first quarter was responsible for 176 million exposed records. And while the number of actual incidents is comparable to 2013, the number of records per breach is on the rise, up 46% from Q1 of 2013.
Accounting for the largest percentage of breaches in Q1 was the Business sector at 57%, followed by Government (16%), Education (8%) and Medical (6%). The leading source of exposed records was internal, malicious threats, responsible for 59.4% of total exposed records, or almost 105 million total records. Other sources of exposure were external, internal-accidental and internal-unknown.
As the statistics dictate, organizations must better protect their data from internal breaches. Best practices to secure this data include Database Activity Monitoring, Vulnerability Assessments, Encryption and Masking of Non-Production Data. If your organization does not currently have these strategies in place, it is more likely to be vulnerable.
The statistics also tell us that organizations are fairly secure against outside threats, but have not fully concerned themselves with internal activity. And while there were many attempted outside attacks, the inside breaches were responsible for the majority of records exposed, by far.
The most valuable information sought in the breaches included passwords, usernames, email, names and SSN. Ultimately this information can be used to access even more sensitive PII. Many organizations allow this type of data to be freely accessed by internal resources, without any balance of monitoring or division of duties.
Quite possibly the most alarming trend is the number of repeat breaches. In the first quarter, 97 organizations were breached for a subsequent time, and in one case for the 52nd time over the last eight years. This trend accounts for 15% of all breaches in Q1. It seems as though financial institutions and business organizations lead the way when it comes to repeat offenders, as they were responsible for 44 of the multiple reports.
If your organization does not currently have a full security plan in place that includes Database Activity Monitoring, Vulnerability Assessments, Encryption or Data Masking, you and your organization are at risk of landing on the front page…for all the wrong reasons.
Contact BTRG for more information about these services and best practices to secure your organization’s data.