[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ISN] Historically, Over 1.2 Billion Records Exposed According to Risk Based Security, Inc.
Forwarded from: Jake Kouns <jkouns (at) opensecurityfoundation.org>
RICHMOND, VA, February 21, 2012 - The global economy may have remained weak in
2011, but criminal efforts to compromise personal information remained strong,
according to Risk Based Security, Inc (RBS). The total number of records
exposed in 2011 topped 368 million and represents the highest annual lost
records total ever recorded. The previous high mark was in 2009 with over 191
million records. Even more alarming is that of all the data breach incidents
reported, 33 percent report that the number of records exposed is unknown and
thus do not appear in the records total. According to calculations based on
breach averages by the Open Security Foundation, the exposed records total of
1,287,334,468, as of December 31, 2011, is potentially understated by as much
as thirty percent.
Risk Based Security's 2011 year-end Data Breach Intelligence report, recently
released to customers, shows that four incidents in 2011 have been added to the
Top 10 all time "records lost" list. When it comes to lost records, sources
external to the organization dominate by accounting for 86.69% of all records
lost in 2011. Outside accounted for 60.1% of all lost records during 2010. The
average number of lost records per incident for 2011 is 374,156. These
statistics firmly dispute the longstanding notion perpetuated by historical CSI
/ FBI computer crime surveys and the computer industry that more incidents
occur as a result of insiders than outsiders.
The RBS Data Breach Intelligence report also revealed that computer-based
intrusion (i.e., hacking) was responsible for 33 percent of the 2011 breaches,
totaling 305,809,012 records. This represents 83 percent of the total number of
exposed records in 2011. "Stolen Laptop", the number one breach type all time
through 2010, has now been replaced at the top spot by hacking.
The latest information and research conducted by Risk Based Security suggests
that organizations in all industries need to take note that they face a very
real threat from security breaches. Whether it is the constantly increasing
security threats, ever-evolving IT technologies, or limited security resources,
data breaches and the costs related to response and mitigation are escalating
quickly. Organizations today need more timely and accurate analytics in order
to better prioritize security spending based on their unique risks.
Learn how to be a Pen Tester or a CISSP with Expanding Security online. Get
a free class invitation and see how good and fun the program really is.