
1/24/2017
04:45 AM
Curtis Franklin Jr.

The Breaches Kept Coming in 2016

2016 was great for the digital bad guys.

2016 was a very good year for thieves, hackers, spies and assorted miscreants. That's according to the Identity Theft Resource Center (ITRC), which reported a 40% increase in data breaches in 2016 compared to 2015.

In the report, the ITRC Data Breach Report 2016, the ITRC says that there were 1,093 reported data breaches in the US in 2016, compared to 780 reported breaches in 2015. One major question about the data, generated through a project sponsored by CyberScout, is whether the rising numbers were due to more breaches, better reporting, or some combination of the two. In a written statement, Eva Velasquez, president and CEO of ITRC, said, "For the past 10 years, the ITRC has been aware of the under-reporting of data breach incidents on the national level and the need for more state or federal agencies to make breach notifications more publicly available. This year we have seen a number of states take this step by making data breach notifications public on their websites."

The ITRC isn't the only organization to make note of the rise in reported data breaches. On its website, the Privacy Rights Clearinghouse shows 526 total data breaches in 2016 as compared to 266 in 2015. The difference in the numbers illustrates just one of the difficulties in putting an accurate number to the issue: Almost all reports rely on a combination of government notification websites and voluntary notifications from companies that have been hit.

Regardless of the source, there's no doubt that the number of records involved in data breaches in 2016 was huge. A quick scan through the list of breaches made public in 2016 (though the list includes some breaches that actually occurred in previous years) shows more than 2.3 billion records revealed to unauthorized individuals. And those compromised records carry a steep cost. According to the 2016 Cost of Data Breach Study: Global Analysis conducted by the Ponemon Institute, the average cost per lost record is $158, with an average cost per breach of $4 million.

According to the Ponemon report, the most significant portion of a data breach's cost didn't come from regulatory compliance or breach remediation, but from lost business -- the damage to a company's reputation and "churn" from customers who leave following a breach have a significant impact on an organization's bottom line.

Verizon's 2016 Data Breach Investigations Report echoed Ponemon's conclusion about the cost of a damaged reputation and asked whether there's anything to be done in defense of a company's data. The answers were straightforward and not surprising: patch your software, don't rely on passwords, teach your users about the dangers of phishing, and for heaven's sake monitor the activity inside your network. The worst damage happens when an outsider crashes your party and sets up camp, casually roaming laterally through your networks and assets for weeks or months at a time before anyone notices that the data cupboards have been plucked bare.

— Curtis Franklin, Security Editor, Light Reading
