Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

1/22/2014
01:10 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Online Trust Alliance Finds Data Breaches Spiked To Record Level In 2013

Yet 89 percent of all breach incidents were avoidable had basic security controls and best practices been enforced

SEATTLE, Jan. 22, 2014 /PRNewswire/ -- The Online Trust Alliance (OTA), the non-profit with the mission to enhance online trust, user empowerment and innovation, today recommended a series of best practices to help prevent online data breaches and other exploits, in collaboration with high-profile brands including American Greetings Interactive, AVG, Microsoft, Publishers Clearing House, Symantec and TRUSTe. These recommendations, released today in OTA's 2014 Data Protection & Breach Readiness Guide, were accompanied by several eye-opening statistics.

Leveraging preliminary year-end data from the Open Security Foundation and the Privacy Rights Clearinghouse, the OTA estimated in its guide that over 740 million records were exposed in 2013, making it the worst year in terms of data breaches recorded to date. And yet, after analyzing approximately 500 breaches over the past year, the OTA determined that 89% of all breach incidents were avoidable had basic security controls and best practices been enforced.

"Businesses and organizations have a responsibility to protect consumer privacy and prevent data breaches from aggressive cyberthieves," said Washington State Attorney General Bob Ferguson. "Consumers deserve to know who they can trust.

The Online Trust Alliance arms organizations with critical information to reduce cyber risk and protect consumers."

The annual guide is being published in advance of Data Privacy Day, Jan. 28, which the OTA commemorates by holding town hall forums and workshops led by cybersecurity and privacy luminaries in New York, San Francisco and Seattle.

These events come on the heels of several high-profile data breaches victimizing Target Corporation, Neiman Marcus and Adobe--a disturbing trend that undermines online trust and underscores the need to implement best practices.

"Data breaches are nothing new and have been around for quite some time; however, what we are seeing is a significant increase in incidents that not only harm consumers, but businesses as well, leading to a breakdown in consumer trust," said Tim Rohrbaugh, VP of Information Security for Intersections Inc.

and OTA Board Member. "Having a rigid, black and white approach to security controls and monitoring and being unprepared for an incident will cost businesses more in the end. These town halls are a great venue for business leaders in all sectors to come together and share best practices in improving security controls, customer data management, and data breach incident reporting."

According to the guide, best practices can only be achieved when companies are no longer complacent with meeting minimum compliance standards for data protection. Rather, they must meet the far loftier data privacy expectations of their own customers, by adopting a comprehensive data stewardship strategy that safeguards data across its entire lifecycle, from collection to deletion. Such efforts go hand in hand with developing an effective Data Incident Plan (DIP), a playbook that can be deployed on a moment's notice, delineating what steps must be taken when a breach happens. Businesses must be able to quickly assess the nature and scope of an incident, contain it, mitigate the damage and notify all interested parties, including law enforcement and affected customers.

"Consumers and businesses are both victims of rapidly escalating hacking attacks, and as stewards of consumer data it's incumbent on businesses to adopt best practices to help protect consumers from harm," said Craig Spiezle, executive director and president of the Online Trust Alliance. "Those companies that fail to do so need to be held accountable, by consumers, regulators and stockholders.

Indeed, the ramifications of a data breach can be far-reaching and long-term, creating a sort of "business shock," explains the guide. Consequences include a damaged brand, decreased sales, loss of third-party partnerships and contractual penalties imposed by customers, partners or service providers.

Ultimately, the guide urges all businesses to accept two fundamental premises:

One, the consumer data they are collecting invariably contains some form of personally identifiable information. And two, at some point they will inevitably experience data loss. When that happens, it's best to be prepared.

OTA's 2014 Data Protection & Breach Readiness Guide is available at:

https://Otalliance.org/Breach.html. A public webinar recapping the guide is being hosted on Feb. 12 from 9 a.m. to 10 a.m. PST. To register, visit http://bit.ly/1eFddns. Additional quotes from OTA supporters regarding Data Privacy Day and the guide are available at http://bit.ly/1mB3HaA.

Privacy Day Workshops

OTA's 2014 Data Privacy Day workshops in New York (Jan. 28), San Francisco (Jan.

30) and Seattle (Feb. 4) are designed to provide businesses with prescriptive advice about how to navigate complex security and data privacy issues, while enhancing brand trust and product innovation. Speakers include privacy experts from the FBI, Federal Trade Commission, Secret Service and the Attorney General's Offices of New York, California and Washington State. The events are in collaboration with the Better Business Bureau, Identity Theft Council and the local chapters of InfraGard, and are supported by underwriting from leading organizations including comScore, Intersections, PwC, Sailthru and TRUSTe. To attend a workshop, visit https://otalliance.org/dpd.html.

About The Online Trust Alliance (OTA)

The Online Trust Alliance (OTA) is a non-profit with the mission to enhance online trust and user empowerment, while promoting innovation and the vitality of the Internet. OTA's goal is to help educate businesses, policy makers and stakeholders while developing and advancing best practices and tools to enhance the protection of users' security, privacy and identity. OTA supports collaborative public-private partnerships, benchmark reporting, meaningful self-regulation and data stewardship. Its members include federal law enforcement agencies, and the world's leading e-commerce, online banking, online security and social media companies. For more information, visit:

https://otalliance.org.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/5/2020
How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Peter Barker, Chief Product Officer at ForgeRock,  6/1/2020
Cybersecurity Spending Hits 'Temporary Pause' Amid Pandemic
Kelly Jackson Higgins, Executive Editor at Dark Reading,  6/2/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: What? IT said I needed virus protection!
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13864
PUBLISHED: 2020-06-05
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links.
CVE-2020-13865
PUBLISHED: 2020-06-05
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes.
CVE-2020-11696
PUBLISHED: 2020-06-05
In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. This is fixed in all iTop packages (community, essential, professional) in version 2.7.0 and iTop essential and iTop professional in version 2.6.4.
CVE-2020-11697
PUBLISHED: 2020-06-05
In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. This is fixed in all iTop packages (community, essential, professional) for version 2.7.0 and in iTop essential and iTop professional packages for version 2.6.4.
CVE-2020-13646
PUBLISHED: 2020-06-05
In the cheetah free wifi 5.1 driver file liebaonat.sys, local users are allowed to cause a denial of service (BSOD) or other unknown impact due to failure to verify the value of a specific IOCTL.