Dark Reading is part of the Informa Tech Division of Informa PLC


1/24/2017
04:45 AM
Curtis Franklin

The Breaches Kept Coming in 2016

2016 was great for the digital bad guys.

2016 was a very good year for thieves, hackers, spies and assorted miscreants. That's according to the Identity Theft Resource Center (ITRC), which reported a 40% increase in data breaches in 2016 compared to 2015.

In the report, the ITRC Data Breach Report 2016, the ITRC says that there were 1,093 reported data breaches in the US in 2016, compared to 780 reported breaches in 2015. One major question about the data, generated through a project sponsored by CyberScout, is whether the rising numbers were due to more breaches, better reporting, or some combination of the two. In a written statement, Eva Velasquez, president and CEO of ITRC, said, "For the past 10 years, the ITRC has been aware of the under-reporting of data breach incidents on the national level and the need for more state or federal agencies to make breach notifications more publicly available. This year we have seen a number of states take this step by making data breach notifications public on their websites."

The ITRC isn't the only organization to make note of the rise in reported data breaches. On its website, the Privacy Rights Clearinghouse shows 526 total data breaches in 2016 as compared to 266 in 2015. The difference in the numbers illustrates just one of the difficulties in putting an accurate number to the issue: Almost all reports rely on a combination of government notification websites and voluntary notifications from companies that have been hit.

Regardless of the source, there's no doubt that the number of records involved in data breaches in 2016 was huge. A quick scan through the list of breaches made public in 2016 (though the list includes some breaches that actually occurred in previous years) shows more than 2.3 billion records revealed to unauthorized individuals. And those compromised records carry a steep cost. According to the 2016 Cost of Data Breach Study: Global Analysis conducted by the Ponemon Institute, the average cost per lost record is $158, with an average cost per breach of $4 million.

According to the Ponemon report, the most significant portion of a data breach's cost didn't come from regulatory compliance or breach remediation, but from lost business -- the damage to a company's reputation and "churn" from customers who leave following a breach have a significant impact on an organization's bottom line.

Verizon's 2016 Data Breach Investigations Report echoed Ponemon's conclusion about the cost of a damaged reputation and asked whether there's anything to be done in defense of a company's data. The answers were straightforward and not surprising: patch your software, don't rely on passwords, teach your users about the dangers of phishing, and for heaven's sake monitor the activity inside your network. The worst damage happens when an outsider crashes your party and sets up camp, casually roaming laterally through your networks and assets for weeks or months at a time before anyone notices that the data cupboards have been plucked bare.

— Curtis Franklin, Security Editor, Light Reading
