90% of Data Breaches Are Avoidable

Uploaded on 2016-02-02 in FREE TO VIEW, NEWS-Cybersecurity News, TECHNOLOGY--Resilience

Nine of every ten data breaches in 2015 could have been “easily prevented,” according to a study by The Online Trust Association.

Nine of every ten data breaches that occurred in the first eight months of 2015 were “easily avoidable,” underscoring the need for private sector investment in tools and processes to thwart cyber criminals. That, according to a study released by the Online Trust Association (OTA) January 2016.

Ninety one percent of data breaches that occurred from January to August of 2015 could have easily been prevented using simple and well-established security practices, such as applying software patches to a server, encrypting data or ensuring employees do not lose their laptops, said OTA, which analyzed over 1,000 breaches involving the loss of personally identifiable information (PII) in 2015.

Hacks accounted for a minority of those incidents: 34 percent. In contrast: 30 percent was caused by employees who leaked data accidentally, or maliciously.

The OTA released guidelines for businesses to follow and called on the private sector to do a better job assessing what data it must retain for business purposes and then applying strict security to that data.

“Organizations need to regularly review how they store, manage and secure their data. A plan needs to include prevention, detection, notification, remediation and recovery processes and operations,” the group said.

The Online Trust Alliance (OTA) is a non-profit, industry group created to “enhance online trust” by raising awareness of security and privacy issues affecting businesses and consumers. Its members include leading technology firms, retailers and others, including Microsoft, Twitter, The Gap, Verisign, Symantec and others.

Businesses and other organizations are too quick to collect customer and user data and too slow to protect it, the group has argued. That makes them attractive targets for hackers.
In recent months, the group has championed guidelines for holiday season shoppers buying connected gifts. It has also issued a guide for would be homebuyers to assess the security of connected or “smart” home features prior to purchase.

Security Ledger: http://bit.ly/1Twv5Yl

« Healthcare Data Is The Holy Grail for Cyber Thieves
After The OPM Hack Security Clearances Will Now Be Done By The Pentagon »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Trustwave

Trustwave

Trustwave is a leader in managed detection and response (MDR), managed security services (MSS), consulting and professional services, database security, and email security.

ACI Worldwide

ACI Worldwide

ACI Worldwide powers electronic payments for more than 5,000 organizations around the world.

Swedish Civil Contingencies Agency (MSB)

Swedish Civil Contingencies Agency (MSB)

MSB's Information Assurance Department is responsible for supporting and coordinating work relating to Sweden's national societal information security.

Private Internet Access

Private Internet Access

Private Internet Access is a Virtual Private Network services provider offering secure encrypted access to the internet.

Neurosoft

Neurosoft

Neursoft is a fully integrated ICT company with Software Development, System Integration and Information Technology Security capabilities.

WiJungle

WiJungle

WiJungle is an Indian Cyber Security Company that develops and markets a unified network security gateway solution.

BELAC

BELAC

BELAC is the national accreditation body for Belgium.

BHC Laboratory

BHC Laboratory

BHC Laboratory is a cyber capabilities’ development company for a wide range of global customers.

Hacken

Hacken

Hacken provide a range of cybersecurity services including security assessments, blockchain security audits, and secure software development.

ConnectWise

ConnectWise

The Unified ConnectWise Platform offers intelligent software and expert services to easily run your business, deliver your services, secure your clients, and build your staff.

Sunartek Labs

Sunartek Labs

Sunartek are equipped with expert resources and advanced technology to identify cyber threats and prevent any breach, bypassing the security network of your organization.

Swish Data Corp.

Swish Data Corp.

Swish delivers when the problems are complex, requirements are difficult, and the mission is absolutely critical.

Entech

Entech

Entech is a managed IT service provider. We work behind the scenes on your network to ensure data security and integrity.

Forward Global

Forward Global

Forward Global designs and delivers services and technologies to manage digital, economic, and information risks.

Leo CybSec

Leo CybSec

Leo CybSec unites a group of Cyber Security experts with 20+ years of collective expertise to help our clients realise and mitigate the cyber challenges and risks facing their business.

InfoTrust

InfoTrust

InfoTrust is a leading specialised cybersecurity practice that combines a customer-first consulting approach with next-generation security solutions.