Human Error Caused 93% of Data Breaches

Despite tremendously increased attention, the number of reported cyberbreach incidents rapidly escalated in 2014. According to Information Commissioner’s Office data collected by Egress Software Technologies, U.K. businesses saw substantially more breaches last year, with industry-wide increases of 101% in healthcare, 200% in insurance, 44% among financial advisers, 200% among lenders, 56% in education and 143% in general business. As a result, these industries also saw notable increases in fines for data protection violations.

The role of employees was equally alarming.

“Only 7% of breaches for the period occurred as a result of technical failings,” Egress reported.

“The remaining 93% were down to human error, poor processes and systems in place, and lack of care when handling data.”

Check out more of the findings from Egress’ review in the infographic below:

Infographic: Human error causes alarming rise in data breaches

Lessons Learned from Data Breaches

Recent data breaches have left some large organizations reeling as they deal with the aftermath. They include the Target data breach, compromises at Home Depot, JP Morgan, USPS (which exposed employee Social Security Numbers and other data) and, most recently, Sony Pictures. The Sony hack also proved to be embarrassing to some of the company’s executives, as private email correspondence was exposed.

Collateral damage from a data breach is significant: one in nine customers affected by a data breach stopped shopping at a particular retailer. According to LifeLock, a recent survey of corporate executive decision-makers found that while concern for a breach is 4 or 5 on a 5-point scale, only 10% to 20% of their total cyber security budgets go to breach remediation. Establishing an incident response plan in advance can reduce the cost per compromised record by $17.

While strengthening cybersecurity is important, the impact on breached organizations shows that preparing a response must be part of the breach-management equation. These breaches present an opportunity for business leaders and risk professionals to learn important lessons about how to protect their companies, customers and employees if a breach should occur.

Below are steps companies can take to establish a response plan, as well as information on the data breach landscape.

The bebe Hack: Guarding Against Cyberbreach During the Holiday Shopping Season

On Friday, retail chain bebe announced that it had identified an attack on computers that operate the in-store payment processing system. The attack may have exposed data from cards swiped in retail locations in the U.S., Puerto Rico, and the U.S. Virgin Islands between Nov. 8 and Nov. 26, including cardholder name, account number, expiration date and verification code. The breach did not impact customers who shopped online or in other international locations, bebe reported, and the company has hired a security firm to stop and investigate the attack.

Almost exactly a year after the massive Target hack, this latest incident comes after a steady stream of sizable breaches among retailers, including Home Depot, JPMorgan Chase and eBay. Consumers have begun to find these hacks less and less surprising, and have stopped paying as much attention – a phenomenon many are calling “breach fatigue.”

But companies are not entirely off the hook. While Target is on the rebound and subsequent breach victims have endured less damage to consumer perception, these cybersecurity incidents still demand a notable amount of contingency planning and mitigation.

According to public relations and social media firm Affect, there are four keys to protecting brand reputation in the event of a security breach:

1) Develop a Fully Locked and Loaded Response Plan

In the digital age, it is essential to have a cyber attack plan in place as part of an organization’s crisis management strategy. Companies can get ahead of a crisis by leveraging social media to defuse damaging situations. In order to prepare, be sure to anticipate and understand the kinds of threats that could influence your business and your industry.

“There are four phases of crisis communications: readiness, response, reassurance and recovery,” said Sandra Fathi, president of Affect. “In order to properly respond to a crisis, each stage must be ready to go at a moment’s notice — develop materials such as messages and prepared statements, prepare delivery channels like hotlines and social media platforms and train employees regarding awareness and organizational procedures.”

2) The Customer is Top Priority

Arguably the most important step in maintaining a brand’s image amid a breach is to be honest with customers and inform them about what has occurred — the sooner the better, especially if their personal information is at stake. In fact, 47 states have Security Breach Notification Laws that govern communication with customers in the face of a security breach, including the timeline for those communications. Several weeks elapsed before Target released an official statement to its customers, and as a result the company experienced massive backlash from customers, other organizations and the media alike.

Adam Levin, chairman and founder of IDT911, a provider of data risk and identity management services, believes every company needs to demonstrate three things in the wake of a data breach.

“Urgency, transparency, and empathy are all critical. I don’t think they [Target] showed enough of those three,” Levin said in an interview with ABCNews.com. Not being upfront with customers can result in a loss of confidence in the brand that can not only hurt the company’s reputation but also lead to a loss in revenue.

3) Monitor the Situation in Real-Time

Social media can be a powerful tool but “with great power comes great responsibility.” While positive engagements boost a brand’s respect, companies must always monitor for negative interactions in real-time and be even more stringent during a security breach, as customers will turn to social media to respond to situations, regardless of their allegiance to the brand. Develop a Social Media Response Map that outlines anticipated situations and correlated standard responses to avoid any last-minute shuffle. Don’t shy away from angry customers who continually post adverse comments. Depending on the situation, it may be worthwhile to engage with these individuals in a private forum and resolve their concerns, taking the negative sentiments offline.

4) Don’t Repeat the Same Mistakes

For brands, it is especially important to not make the same mistakes twice. Customers may or may not forgive a first offense, so a second go-around is even harder to rebound from. Companies must carefully document and analyze each breach to identify how it happened, why it happened and how to prevent such an event in the future. Consider changing security vendors, deploying new software, re-training staff and amending company policies. It is also important to communicate these changes to customers to reassure them that a similar breach will not reoccur.

Lessons from MBIA: When Breaches Go Viral

We can add another breached company to the ever-growing list: the Municipal Bond Insurance Association (MBIA). While not necessarily different from other breaches we’ve seen lately, the MBIA incident brought another aspect of breach fallout into the public eye, and that’s the potential for data exposures to go viral. These viral breaches generate tendrils of compromised information that reach far and wide, creating a nightmare for containment—and public relations.

Known as the largest bond insurer in the country, MBIA services accounts for many government investment pools. In late September, the company was alerted by an ethical hacker that hundreds of pages of customer data were showing up online for all to see. We’ve since learned that one of the company’s database servers had been improperly configured, resulting in the exposure of highly sensitive data. Account numbers were compromised along with customers’ names, account balances and other confidential information. But the damage didn’t stop there. Not only was MBIA’s customer data floating around the Internet for all to see, it also had been indexed by several search engines. Information that should have been heavily protected was now on the Web in multiple locations, far outside the control of MBIA.

The release of customer data wasn’t the only problem. High-level security keys were also exposed and indexed, including administrative credentials and instructions for creating new deposit accounts. Not only were cybercriminals given a nearly perfect tutorial to dig into additional data held by MBIA that hadn’t been compromised in the first go-round, the instructions also provided a way for thieves to quietly pull funds out of the compromised accounts. The integrity of MBIA’s systems had been damaged far beyond a simple data breach.

Piling on to the organization’s woes were two failures of their own making. One is that their Oracle server is commonly known to need careful configuration to avoid a potential security gap. Oracle has even provided documentation to help administrators configure it correctly and ensure the servers are secure. The other was that MBIA was actually notified of the exposure more than a week before the company finally cut off access to the compromised server. Not only was the company behind the curve in configuring its critical infrastructure correctly, it then delayed in fixing a problem that was brought to its attention.

In many respects, MBIA’s breach wasn’t all that different from other breaches. Network vulnerabilities are common avenues for hackers, and security warnings have been known to be overlooked. Target’s massive 2013 breach and similar recent exposures back this up.

Unfortunately for MBIA, these factors all came together in a perfect storm that resulted in a truly viral breach. Sensitive customer data was compromised and unspeakably valuable credentials and account creation instructions were also exposed. The indexing of that information on more than one major search engine spread the leaked data far and wide. Containment and mitigation became exponentially more difficult.

There is some reasonably good news in all of this. At this time, it doesn’t appear any of MBIA’s clients were defrauded as a result of the breach—yet. There are also important lessons we can learn from MBIA’s mistakes. Network assets must be carefully administered, as their security is one of the first lines of defense against criminals. In addition, security warnings—whether they’re provided by ethical hackers, concerned customers or automated intrusion detection systems—must be immediately checked out.

We have the tools to thwart thieves. Now is the time to use them.