Most data breaches can be prevented, says industry study

Over 740 million personal data records held by corporations and governments were exposed in 2013, says an industry association that believes almost all of the breaches could have been avoided with basic security controls.

The statement came from the Online Trust Alliance (OTA), which on Wednesday released a data protection and best practices guide for organizations. Association members include Microsoft, Symantec, PayPal, PricewaterhouseCoopers, Twitter and a number of security and cloud computing service providers.


“Data breaches are nothing new and have been around for quite some time; however, what we are seeing is a significant increase in incidents that not only harm consumers, but businesses as well, leading to a breakdown in consumer trust,” said Tim Rohrbaugh, vice-president of information security for Intersections Inc. and an OTA board member. “Having a rigid, black and white approach to security controls and monitoring and being unprepared for an incident will cost businesses more in the end.”

The data exposure numbers come from the Open Security Foundation and the Privacy Rights Clearinghouse.

In addition, the OTA looked at 500 reported data breaches in the last year and determined that 89 per cent could have been avoided. It also found that, of those breaches studied:

– 31 per cent were due to insider threats or mistakes

– 21 per cent were due to physical losses of PCs, notebooks, drives or paper documents

– 76 per cent of breaches were due to weak or stolen account credentials, according to a study by U.S. carrier Verizon

– 29 per cent of compromises happened through social engineering, Verizon also found

Every year the association releases a best practices guide. This year’s version says best practices can only be achieved when companies are no longer complacent with meeting minimum compliance standards for data protection. Rather, they must meet “the far loftier data privacy expectations of their own customers, by adopting a comprehensive data stewardship strategy that safeguards data across its entire lifecycle, from collection to deletion.”

Organizations should have an effective data incident plan detailing what steps must be taken when a breach happens, the association says. Businesses must be able to quickly assess the nature and scope of an incident, contain it, mitigate the damage and notify all interested parties, including law enforcement and affected customers, it adds.
