Data Breach Round Up: 2013 Recap and A Look into 2014
Recently I was on the InfoSec Institute website and saw an article titled “2013 Data Breaches: All You Need to Know”, and boy does it tell you all you need to know about data breaches in 2013! With statistics and trends galore, it covers everything during the year from the number of identities exposed to the cost per record for varying types of breaches.
It comes as no surprise that 2013 was a big year for data breaches. With companies like Target and Adobe exposing millions of personal records, security experts considered it the worst year. In terms of the number of identities exposed, the amount of money each breach costs, and the year-over-year increase in almost every statistic, the numbers truly do speak for themselves. See the full article here: 2013 Data Breaches
A few things that I found particularly interesting from the year:
- The vast number of people that can be exposed in a data breach is troublesome, especially with a security breach potentially lasting months. There were eight data breaches that exposed over 10 million records, compared to one the previous year. This is unsettling for consumers, making it seem like at any point they could be the victim of the next big data breach. And it’s expensive, time-consuming, and damaging to companies. Take, for instance, the news that Target recently announced they are replacing their CEO: significant changes have to happen as a result of a recognizable data breach.
- The article covered an analysis conducted by the Ponemon Institute, which reviews the economic impacts of a data breach. The cost per record, $145 in 2013, and the average cost per breach, $3.5 million in 2013, have both increased from the previous year. It comes as no surprise that breaches in heavily regulated industries cost more than those in industries not held to as many regulations. For companies in the healthcare, financial and pharmaceutical industries, it is more important than ever to implement processes to prevent a data breach instead of waiting for a costly significant event.
- The article also discusses how one’s own employees are threats and that ‘accidental’ exposure of information surpasses intentional breaches by outsiders. A category leader in breaches by insiders is improper equipment disposal. Data-bearing assets need to be managed properly during their entire lifecycle in order to avoid getting into the wrong hands. To avoid improper disposal, companies need processes in place to ensure all assets follow automated and standardized procedures from the moment they go offline to the point of destruction. All steps that are taken on these assets, such as wiping or moving between locations, need to be tracked in order to guarantee proper handling. (See Coca-Cola below!) Always remember, you are responsible for your data!
- These numbers are not 100% accurate, because companies are still hiding data breaches in hopes of protecting their reputations. This leaves customers and victims in the dark and leads us to wonder what the true numbers would reveal.
As we look ahead towards the remainder of 2014, we can already reflect on data breaches that have occurred in the first few months of the year. The Identity Theft Resource Center (ITRC) has compiled the numbers for breaches thus far. The ITRC is a nonprofit organization focused on identity theft. It aims to provide education, awareness and advice to consumers and organizations throughout the US on consumer issues related to cybersecurity, data breaches, social media, fraud, scams and more.
Their 2014 Breach List already includes 284 breaches reported and over 8.4 million records exposed. See the full list here: ITRC Breach Report 2014. Once again, there are already some heavy hitters and some big names. For example, Michaels Stores and Neiman Marcus both came in at over a million records exposed due to security attacks on their payment systems.
Lost and stolen devices and improper destruction of data-bearing assets continue to be a problem for companies. The prestigious Coca-Cola exposed 74,000 records when they discovered that not all of the laptops that were meant to be destroyed were actually being destroyed. Chain of custody and visibility into this process can ensure all those data-bearing assets reach their intended destination, whether that means being destroyed, resold or placed on a legal hold.
In conclusion, consumers and organizations, beware! Knowing the numbers and costs, companies need to do what they can to prevent a breach. If there are processes you can control, take the steps and time to implement efficient and secure strategies. If you need assistance with offline IT asset management, check out B&L’s product portfolio at www.bandl.com and be one step closer to protecting your data.