90% of data breaches in 2014 were preventable: report
By Canadian Vending
By Canadian Vending
Jan. 27, 2015, Seattle, WA – More than 90 per cent of data breaches that
occurred in the first half of 2014 could have easily been prevented,
says the non-profit Online Trust Alliance in its new guides.
Jan. 27, 2015, Seattle, WA – More than 90 per cent of data breaches that occurred in the first half of 2014 could have easily been prevented, says the non-profit Online Trust Alliance in its new guides.
For its "2015 Data Protection Best Practices and Risk Assessment Guides," the alliance (OTA) has analyzed over a thousand breaches involving
the loss of personally identifiable information in 2014, as
reported by the Open Security Foundation and the Privacy Rights
Clearinghouse. According to a news release, the research suggested only 40 per cent were the result of
external intrusions, while 29 per cent were caused by
employees – accidentally or maliciously – due to a lack of internal
controls. The balance of incidents were primarily attributed to lost or
stolen devices or documents (18 per cent) and social engineering/fraud
(11 per cent).
response to the growing breach threat, OTA identified the top 12 most critical yet achievable
security practices that all companies should follow. In its Risk
Assessment Guide, OTA introduced a framework detailing how to complete
an assessment of both one’s own security practices and that of
third-party vendors upon which businesses are increasingly reliant.
These practices complement those recently outlined by President Obama to
enhance data and consumer protection.
The best practices correlate to some of the most infamous data breaches of the last two years. For instance:
the guidelines for enforcing effective password management and also
assessing the security protocols of cloud-based partners would have
prevented the 2014 hacking of private celebrity photos.
- The alliance's recommendations for assessing third-party vendor partners for
vulnerabilities and also segregating internal systems would have helped
prevent and contain breaches impacting major retailers including Target
and Home Depot.
“Businesses are overwhelmed with the
increasing risks and threats, yet all too often fail to adopt security
basics,” said Craig Spiezle, executive director and president of OTA, in the release.
“Releasing the Guides and best practices in advance of Data Privacy and Protection Day
will provide businesses with actionable advice. When combined with
other controls, these can help prevent, detect, contain and remediate