Data Breaches
“A breach is defined as an event in which an individual’s name plus a medical record and/or a financial record or debit card is potentially put at risk—either in electronic or paper format.” (Ponemon, 2014)
For the first half of 2014, there were a reported 1,331 incidents. As a result of these incidents, a reported 502 million records were exposed (datalossdb.org, 2014). For all of 2013, there were a reported 2308 incidents (datalossdb.org, 2014). While it is generally accepted that sooner or later an organization will be breached, the frequency with which breaches occur and the number of records involved are astounding.
Interestingly, these breaches are not limited to a specific country and/or industry. Figure 1 below shows the number of breaches experienced by country, while Figure 2 shows them by industry, during the period May 2013 to May 2014.
Figure 1:
Source: Ponemon Institute
Figure 2:
Source: Ponemon Institute
Identity Theft/Fraud
Identity theft is referred to as the “preparatory stage of acquiring and collecting someone else’s personal information for criminal purposes” (rcmp-grc.gc.ca). Identity fraud, on the other hand, is defined as “the unauthorized use of another person’s personal information to achieve illicit financial gain” (javelinstrategy.com, 2014).
With the massive number of breached records and the known proclivity of cyber criminals to ensure they are compensated for their illegal activities, one can only conclude that sooner or later these records will be on the black market. Some sites from which credit card and other personal information can be bought are rescator.* (.cm, .la and .so), kaddaf[dot]hk, octavian[dot]su and cheapdumps[dot]org (Krebs, 2013).
More importantly, it is reported that there was “A New Identity Fraud Victim Every Two Seconds in 2013” (javelinstrategy.com, 2014). Of greater importance, one in 3 people who received a data breach notification letter were victims of identity fraud (javelinstrategy.com, 2014).
The graph below shows millions of identity theft victims.
Figure 3:
Source: Javelinstrategy.com
Human Factor
Whether it is a user who has clicked on a link in a phishing email or an administrator who has misconfigured a firewall, the human factor plays a tremendous role in the security threat paradigm. It is reported that 30% of all data breaches are a result of human error (Ponemon, 2014).
Figure 4:
Organizations such as the SANS Institute have recognized the importance of the role of humans in IT security and thus have implemented programs based on “Securing the Human” (securingthehuman.org). Through these programs, while not everyone can be made an expert in IT security, everyone can at least be made knowledgeable about some of the dangers related to technology. Through its OUCH newsletter, SANS also produces free documents, each of which explains a specific topic and the necessary actions people can take to protect themselves (securingthehuman.org, 2014).
Mobile/Wearable Malware
It is predicted that in 2015, 87% of connected device sales will be tablets and smart phones (idc.com, 2013). This immediately implies that most of our online activities will be done via a smart phone and/or tablet. To be able to effectively use these devices, an operating system is required. It is estimated that Android owns 76% of this market with iOS at 14.4%, as shown in the figure below.
Figure 5:
Source: MobileThinking
The threat comes not necessarily from these devices themselves but from the underlying OS which they use. According to F-Secure, for Q1 2014, there were 275 threat families (malware) that run on Android, 1 for iPhone and 1 for Symbian (F-Secure, 2014).
In addition, the advent of smart watches, Google Glass, fitness tracking bands and other wearables makes for an even more interesting mobile future.
Internet of Things
As we continue to march towards the future, my biggest fear lies in what else we may choose to connect to the Internet.
The Internet of Things is considered to be a network of physical objects which are accessed through the Internet. Through the Internet of Things, manufacturing floors, energy grids, healthcare facilities and transportation systems can be connected to the Internet (cisco.com).
It is reported that a staggering 30 billion devices will connect wirelessly to the Internet of Everything in 2020 (abiresearch.com, 2013). If we contrast this with the world’s population, which currently stands at 7.2 billion (worldometers.info), we can conclude that each person will be responsible for at least 4 devices in 2020. Our rush to have everything inter-connected will provide us with a very interesting future.
References:
(n.d.). Retrieved from rcmp-grc.gc.ca: http://www.rcmp-grc.gc.ca/scams-fraudes/id-theft-vol-eng.htm
(n.d.). Retrieved from securingthehuman.org: http://www.securingthehuman.org
(n.d.). Retrieved from cisco.com: http://www.cisco.com/web/solutions/trends/iot/overview.html
(n.d.). Retrieved from worldometers.info: http://www.worldometers.info/world-population/
(2013, 9 11). Retrieved from idc.com: http://www.idc.com/getdoc.jsp?containerId=prUS24314413
(2013, 05 09). Retrieved from abiresearch.com: https://www.abiresearch.com/press/more-than-30-billion-devices-will-wirelessly-conne
(2014, 08 24). Retrieved from datalossdb.org: http://datalossdb.org
(2014, 08 25). Retrieved from census.gov: http://www.census.gov/popclock/
(2014, 02 5). Retrieved from javelinstrategy.com: https://www.javelinstrategy.com/news/1467/92/A-New-Identity-Fraud-Victim-Every-Two-Seconds-in-2013-According-to-Latest-Javelin-Strategy-Research-Study/d,pressRoomDetail
(2014, 08). Retrieved from securingthehuman.org: http://www.securingthehuman.org/resources/newsletters/ouch/2014
F-Secure. (2014). Mobile Threat Report Q1. F-Secure.
Krebs, B. (2013, 12 13). Retrieved from krebsonsecurity.com: http://krebsonsecurity.com/2013/12/whos-selling-credit-cards-from-target/
Ponemon. (2014). 2014 Cost of Data Breach Study: Global Analysis. Ponemon Institute.
Ziobro, P. (n.d.). Retrieved from blogs.wsj.com: http://blogs.wsj.com/corporate-intelligence/2014/03/17/with-credit-card-data-in-play-who-hacks-the-hackers/