Posted by CotoBlogzz
Rancho Santa Margarita, CA – The California Data Breach Report unveiled yesterday by the California Attorney General indicates that “in the past four years, the Attorney General has received reports on 657 data breaches, affecting a total of over 49 million records of Californians” and that “these breaches occurred in all parts of our economy: retailers and banks, doctors, dentists and hospitals, gaming companies, spas, hotels, restaurants, government agencies, schools, and universities.”
The report adds that “the majority of the reported breaches were the result of cyber attacks by determined data thieves, many of whom took advantage of security weaknesses. Breaches also resulted from stolen and lost equipment containing unencrypted data, and from both unintentional and intentional actions by insiders.”
In other words, the report does not contain anything new.
The report indicates that the affected sectors are:
- The retail sector has been the most vulnerable industry, accounting for 24% of breaches and 42% of records breached in the past four years.
- The financial sector accounts for the second largest share of breaches at 18%, and 26% of records breached. Social Security numbers are the most common data breached in this sector.
- The healthcare industry accounts for 16% of breaches, and continues to be particularly vulnerable to physical breaches.
- Small businesses represent 15% of all reported breaches.
Again, nothing new.
The recommendations for organizations contained in the report include:
- Adopt the Center for Internet Security’s Critical Security Controls as the start of a comprehensive information security program.
- Make multi-factor authentication available on consumer-facing online accounts that contain sensitive personal information.
- Consistently use strong encryption to protect personal information on laptops and other portable devices, and consider using it for desktop computers.
- Encourage individuals affected by a breach of Social Security numbers or driver’s license numbers to place a fraud alert on their credit files. This measure is free, fast, and effective in preventing identity thieves from opening new credit accounts.
Also nothing new.
What is new is a recommendation for state policy makers, which states:
“Collaborate to harmonize state breach laws on key dimensions. Such an effort could reduce the compliance burden for companies, while preserving innovation, maintaining consumer protections, and retaining jurisdictional expertise.”
RELATED
HPE 2016 Cyber Report: http://www.bitpipe.com/fulfillment/1455827832_34
1 comment:
The Dell 2015 Annual Threat report is much more substantive and does not use taxpayer money: http://www.dell.com/learn/us/en/uscorp1/press-releases/2016-02-22-annual-threat-report-details-the-cybercrime-trends?