A lot has been said about breaches—their impact on victims, their cost, and whatnot—but not much focus is ever placed on the data stolen, where it goes, what other information can be pulled from it, and how attackers can further use it. This paper aims to cover that. We’ll follow the data. Thanks to the Privacy Rights Clearinghouse (PRC)’s Data Breaches database, we got to examine what’s been taken, draw out probabilities, and investigate related activities in the cybercriminal underground.
Through the analyses, we observed several interesting facts that dispel common myths on data breaches, which may help organizations identify a course of action that would best secure their information. Here are just a few of our more notable findings:
• Hacking or malware were behind 25% of the data breach incidents from 2005 to April 2015.
• Over the past five years, incidents of payment card data breaches have increased 169%.
• The healthcare sector was most affected by data breaches, followed by the government and retail sectors.
• Personally identifiable information (PII) was the most stolen record type. Financial data came in second.
• Apart from the usual credit card, bank account, and PII dumps—whose prices in the underground have plateaued—ads selling Uber, PayPal, and poker accounts were prominent.
In this paper, we’ll also share the critical security controls that enterprises must try to establish and strengthen in order to detect intrusions and unintended disclosures that can lead to data breaches.