Most data breaches can be prevented, says industry study

Over 740 million personal data records held by corporations and governments were exposed in 2013, says an industry association that believes almost all of the breaches could have been avoided with basic security controls.

The statement came from the Online Trust Alliance (OTA), which on Wednesday released a data protection and best practices guide for organizations. Association members include Microsoft, Symantec, PayPal, PricewaterhouseCoopers, Twitter and a number of security and cloud computing service providers.


“Data breaches are nothing new and have been around for quite some time; however, what we are seeing is a significant increase in incidents that not only harm consumers, but businesses as well, leading to a breakdown in consumer trust,” said Tim Rohrbaugh, vice-president of information security for Intersections Inc. and an OTA board member. “Having a rigid, black and white approach to security controls and monitoring and being unprepared for an incident will cost businesses more in the end.”

The data exposure numbers come from the Open Security Foundation and the Privacy Rights Clearinghouse.

In addition, the OTA looked at 500 reported data breaches in the last year and determined that 89 per cent could have been avoided. It also found that, of those breaches studied:

–31 per cent were due to insider threats or mistakes

–21 per cent were due to physical losses of PCs, notebooks, drives or paper documents

–76 per cent of breaches were due to weak or stolen account credentials, according to a study by U.S. carrier Verizon

–29 per cent of compromises happened through social engineering, Verizon also found

Every year the association releases a best practices guide. This year’s version says best practices can only be achieved when companies are no longer complacent with meeting minimum compliance standards for data protection. Rather, they must meet “the far loftier data privacy expectations of their own customers, by adopting a comprehensive data stewardship strategy that safeguards data across its entire lifecycle, from collection to deletion.”

Organizations should have an effective data incident plan detailing what steps must be taken when a breach happens, the association says. Businesses must be able to quickly assess the nature and scope of an incident, contain it, mitigate the damage and notify all interested parties, including law enforcement and affected customers, it adds.
