Forwarded from: Jake Kouns <jkouns (at) opensecurityfoundation.org> http://www.riskbasedsecurity.com/2012/02/historically-over-1-2-billion-records-exposed-according-to-risk-based-security-inc/ RICHMOND, VA, February 21, 2012 - The global economy may have remained weak in 2011, but criminal efforts to compromise personal information remained strong, according to Risk Based Security, Inc (RBS). The total number of records exposed in 2011 topped 368 million and represents the highest annual lost records total ever recorded. The previous high mark was in 2009 with over 191 million records. Even more alarming is that of all the data breach incidents reported, 33 percent report that the number of records exposed is unknown and thus do not appear in the records total. According to calculations based on breach averages by the Open Security Foundation, the exposed records total of 1,287,334,468, as of December 31, 2011, is potentially understated by as much as thirty percent. Risk Based Security's 2011 year-end Data Breach Intelligence report, recently released to customers, shows that four incidents in 2011 have been added to the Top 10 all time "records lost" list. When it comes to lost records, sources external to the organization dominate by accounting for 86.69% of all records lost in 2011. Outside accounted for 60.1% of all lost records during 2010. The average number of lost records per incident for 2011 is 374,156. These statistics firmly dispute the longstanding notion perpetuated by historical CSI / FBI computer crime surveys and the computer industry that more incidents occur as a result of insiders than outsiders. The RBS Data Breach Intelligence report also revealed that computer-based intrusion (i.e., hacking) was responsible for 33 percent of the 2011 breaches, totaling 305,809,012 records. This represents 83 percent of the total number of exposed records in 2011. "Stolen Laptop", the number one breach type all time through 2010, has now been replaced at the top spot by hacking. The latest information and research conducted by Risk Based Security suggests that organizations in all industries need to take note that they face a very real threat from security breaches. Whether it is the constantly increasing security threats, ever-evolving IT technologies, or limited security resources, data breaches and the costs related to response and mitigation are escalating quickly. Organizations today need more timely and accurate analytics in order to better prioritize security spending based on their unique risks. [...] ______________________________________________________________________________ Learn how to be a Pen Tester or a CISSP with Expanding Security online. Get a free class invitation and see how good and fun the program really is. http://www.expandingsecurity.com/PainPillReceived on Thu Feb 23 2012 - 01:53:58 PST
This archive was generated by hypermail 2.2.0 : Thu Feb 23 2012 - 01:53:42 PST