Wednesday, February 17, 2016

Cyber Attacks, The California Data Breach Report Released – So What?

Posted by CotoBlogzz

Rancho Santa Margarita, CA – The California Data Breach Report unveiled yesterday by the California Attorney General indicates that “in the past four years, the Attorney General has received reports on 657 data breaches, affecting a total of over 49 million records of Californians” and that “these breaches occurred in all parts of our economy: retailers and banks, doctors, dentists and hospitals, gaming companies, spas, hotels, restaurants, government agencies, schools, and universities.”

It adds that “the majority of the reported breaches were the result of cyber attacks by determined data thieves, many of whom took advantage of security weaknesses. Breaches also resulted from stolen and lost equipment containing unencrypted data, and from both unintentional and intentional actions by insiders.”

In other words, the report does not contain anything new.

The report indicates that the affected sectors are:

  • The retail sector has been the most vulnerable industry, accounting for 24% of breaches and 42% of records breached in the past four years.
  • The financial sector accounts for the second largest share of breaches at 18%, and 26% of records breached. Social Security numbers are the most common data breached in this sector.
  • The healthcare industry accounts for 16% of breaches, and continues to be particularly vulnerable to physical breaches.
  • Small businesses represent 15% of all reported breaches.

Again, nothing new.

The recommendations for organizations contained in the report include:

  • Adopt the Center for Internet Security’s Critical Security Controls as the start of a comprehensive information security program.
  • Make multi-factor authentication available on consumer-facing online accounts that contain sensitive personal information.
  • Consistently use strong encryption to protect personal information on laptops and other portable devices, and consider using it for desktop computers.
  • Encourage individuals affected by a breach of Social Security numbers or driver’s license numbers to place a fraud alert on their credit files.  This measure is free, fast, and effective in preventing identity thieves from opening new credit accounts.

Also nothing new.

What is new is a recommendation for state policy makers, which states:

“Collaborate to harmonize state breach laws on key dimensions. Such an effort could reduce the compliance burden for companies, while preserving innovation, maintaining consumer protections, and retaining jurisdictional expertise.”

The question is, how much time and money was spent on this, for the most part, useless report and the thousands of others produced by the California State Attorney General as ordered by the state legislature?


HPE 2016 Cyber Report:

1 comment:

JL "Buzz" Aguirre said...

The Dell 2015 Annual Threat report is much more substantive and does not use taxpayer money: