Archives

Panama Papers are Biggest Data Leak Yet

April 11, 2016

Panama Papers

If cyber hackers can unearth the financial secrets of Russian President Vladimir Putin, do you really think your company is safe from the same thing?

Panama Papers: “History’s Biggest Data Leak”

News of the “Panama Papers” is filling newspapers and websites across the globe this week, in what The Guardian is calling, “History’s biggest data leak”.

Hackers have unearthed the financial secrets of some of the world’s most powerful people, detailing the secrets of how many international politicians, business leaders and celebrities have used the Panamanian law firm Mossack Fonseca, the fourth-largest offshore law firm in the world, unseemly financial transactions.

The Panama Papers are 11.5 million documents taken from the files of Mossack Fonseca by an unnamed source and turned over to a German newspaper. Information from this leaked data continues to spill out and the repercussions already include the prime minister of Iceland resigning on April 5, the president of Transparency Chile, a branch of a global anti-corruption group, stepping down on April 4, and the CEO of large Austrian bank resigning on April 7.

Others named involved in the massive data breach were the presidents of Argentina and the Ukraine, the prime minister of Pakistan, a king from Saudi Arabia, the former emir of Qatar, and Argentine soccer star Lionel Messi. A Russian cellist who’s a close confidant of Putin has also been named in the documents.

As the fallout from this massive data leak continues to reverberate literally around the world, it’s a great reminder that every company is at risk of a data breach. If the world’s richest and most powerful people can have their most confidential information hacked, cyber hackers can seemingly get anywhere they set their minds too.

Is your company safe?

While up to nearly half of all organizations experienced a data breach in the last year, a recent report by AIIM (Association for Information and Image Management) showed that a quarter of respondents felt that their senior managers did not take the risks of data privacy breaches seriously.

This report comes on the heels of a 2015 IBM survey of more than 700 C-level executives, almost three-quarters of CEOs believed that ‘rogue individuals’ as the largest threat to organizations—the truth is 80% of cyber attacks are led by highly organized crime rings.

Too many C-level leaders have their hand in the sand and move forward with an “It won’t happen to us” mentality.

Protect your company and be proactive. Your data is everywhere these days—on hard drives and paper at the office, with volumes of information on laptops that move in and out of the office, on mobile devices and cloud storage—these are all entities that need to be managed from the C-level on down.

IBM’s study revealed that almost two-thirds of C-level executives in marketing, human resources and finance departments acknowledge they are not actively engaged in cyber security strategy and execution. Cyber security is at a point now where it simply has to go beyond the IT department. Criminals are targeting any department where personally identifiable and financial information resides.

Senior managers have to commit to information security before an organization can fully adopt a culture of security. Employees will follow the example set by their managers.

The Panama Papers put another spotlight on cyber security. Even the most rich and powerful are at risk.

 

The Rising Cost of Data Breach

October 28, 2015

cost of a data breach

IBM and the Poneman Institute released a global study in January that said the average total cost of a data breach has increased 23 percent in the last two years, up to $3.79 million.

The same study showed that the average cost paid by organizations for each lost or stolen record containing confidential information rose from $145 in 2014 to $154 in 2015. The largest increase was seen in the retail industry, where the average cost increased from $105 in 2013 to $165 in 2014.

The Cost of a Data Breach is Increasing

As today’s world becomes more and more digital, with so much sensitive data stored on drives of all sorts, optical media, cell phones, and various other forms of office equipment, there’s every reason to believe that the cost of a data breach is only going to rise over the next several years.

It’s important to know that just because a piece of technology no longer works, doesn’t mean that the information on it is no longer accessible. In fact, without destruction, most of it is pretty easily retrieved by someone who knows what they’re doing.

In 2003 researchers at MIT were able to recover 92.4 percent of sensitive information from 158 used hard drives. That sensitive information included not only corporate information, but names and contact information, emails, credit card numbers, social security numbers and medical records.

Security measures have improved dramatically since MIT’s study, and organizations have embraced the value of hiring Technology Asset Disposal Companies. While security has improved, so have hackers and data thieves. If you think that black markets where stolen information is sold only exist on TV shows and in the movies, you’ve got your head in the sand.

The following numbers should scare you a little bit: 80 percent of corporate desktops and laptops contain sensitive data. When it comes to IT personnel, only 34 percent have a secure process for hard drive destruction.

There’s far too much on the line, both monetarily and legally, for organizations not to hire experts to dispose of their technology assets when the time comes to refresh or upgrade. Avoid the rising costs of any kind of information breach by hiring an expert and trustworthy data destruction organization.

15 Million T-Mobile Customers’ Data Exposed | T-Mobile Data Breach in 2015

October 23, 2015

t-mobile data breach

On October 1, it was announced that approximately 15 million T-Mobile customers were impacted by a T-Mobile data breach at credit agency Experian PLC, the latest major leak of confidential data to hit corporate America.

The exposed data included names, addresses, birth dates and encrypted Social Security numbers, driver’s license or passport numbers for customers who might have applied for T-Mobile cell service between Sept. 1, 2013 and Sept. 16, 2015.

T-Mobile said the T-Mobile data breach was discovered on September 15 and included information on millions of their subscribers, former customers and people who applied for service or device financing at the wireless carrier over the last two years.

“Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian,” T-Mobile CEO John Legere said. “I take our customer and prospective customer privacy VERY seriously.”

Experian is one of the three major American credit bureaus, along with Equifax and TransUnion, that affect, if not touch every American with a credit card or cell phone.

There is no evidence yet that any breached information has been inappropriately used and Experian is notifying the individuals who may have been affected. They are also offering free credit monitoring and identity resolution services for two years to affected customers.

Hackers typically put this type of information up for sale on black markets, where large data bases of information are aggregated and sold to identity thieves. A stolen identity can lead to stolen tax refunds, ruined credit and worse.

T-Mobile is in the process of reaching out to people who may be impacted by the T-Mobile data breach.

Here are four steps to take if you are ever afraid your personal data has been breached. All four steps can be done by calling each of the three credit bureaus (Experian: 1-888-397-3742, Equifax: 1-800-525-6285, and TransUnion: 1-800-680-7289).

  1. Monitor your credit reports. You are entitled to one free credit report every 12 months from each of the three credit bureaus.
  2. Consider placing a “fraud alert” with each of the three credit bureaus. An alert doesn’t block potential new credit, but places a comment on your history. Creditors should contact you prior to opening a new account.
  3. Consider placing a “security freeze” with each of the three credit bureaus to prohibit the release of any information from your reports. A security freeze can help prevent identity theft since most businesses won’t open credit accounts without checking a consumer’s credit history first.
  4. Beware of unsolicited calls or emails offering credit monitoring or identity theft services. Never provide your Social Security number, credit card numbers, or other personal information in response to unsolicited emails or calls.

Ponemon: Data breach costs now average $154 per record

June 10, 2015

The per-record cost of a data breach reached $154 this year

broke

by Maria Korolov | May 27, 2015

According to a report released this morning by IBM and the Ponemon Institute, the per-record cost of a data breach reached $154 this year, up 12 percent from last year’s $145.

In addition, the average total cost of a single data breach rose 23 percent to $3.79 million.

Loss of business was a significant, and growing, part of the total cost of a data breach. Higher customer turnover, increased customer acquisition costs, and a hit to reputations and goodwill added up to $1.57 million per company, up from $1.33 million the previous years, said Ponemon Institute chairman and founder Larry Ponemon.

Ponemon analyzed results from 350 companies in 11 countries, each of which had suffered a breach over the past year.

Data breach costs varied dramatically by industry and by geography.

The US had the highest per-record cost, at $217, followed by Germany at $211. India was lowest at $56 per record.

Sorted by industry, the highest costs were in the health care industry, at an average of $363 per record.

The reason, said Caleb Barlow, vice president at IBM Security, is because the information in a medical record has a much longer shelf life than that of, say, a credit card number.

“With credit cards, the time frame from the breach to mitigation is very short,” he said.

The credit card company just has to cancel the old credit card number and issue a new one.

“But the health care record can be used to establish access in perpetuity,” he said, pointing out that health care records include a wealth of personal information as well as social security numbers and insurance numbers.

“it can be used to establish credit or steal your identity ten or fifteen years from now,” he said. “Once this information is out there, you can’t get the genie back in the bottle.”

And that doesn’t even include the costs of health care fraud, he added.

Factors that can impact breach costs

The Ponemon report looked at a number of other factors that could potentially influence the cost of a breach, and, unlike industry or geography, many of these factors were under management control.

For example, having an incident response team available ahead of time reduced the per-record cost by $12.60. Using encryption extensively reduced costs by $12. Employee training reduced costs by $8.

If business continuity management personnel were part of the incident response team, costs fell by $7.10. CISO leadership lowered costs by $5.60, board involvement lowered costs by $5.50 and cyberinsurance lowered costs by $4.40.

“Companies that have thought about this ahead of time, that had their board involved, that had insurance protection, that had practiced what they would do, they had a much lower cost per breach,” said Barlow. “This is really compelling. We have tangible evidence that those who were doing that had much lower costs. You don’t have days to respond — you don’t even have hours. You have minutes to get your act together.”

Factors that increased costs was the need to bring in outside consultants, which added $4.50 per record. If there were lost or stolen devices, costs increased by an average of $9 per record.

And the single biggest factor was if a third party was involved in the cause of a breach. That increased the average per-record cost by $16, from $154 to $170.

Costs rise with time

Ponemon found a positive relationship between the time it took to identify a breach and the total cost of the breach, as well as between the time it took to mitigate the breach and the cost.

On average, it took respondents 256 days to spot a breach caused by a malicious attacker, and 82 days to to contain it.

Breaches caused by system glitches took 173 days to spot and 60 days to contain. Those caused by human error took an average of 158 days to notice, and 57 days to contain.

This story, “Data breach costs now average $154 per record” was originally published by CSO.

Go to original article…