News Stay informed about the latest enterprise technology news and product updates.

Report: More than 90% of 2014 data breaches could have been prevented

The Online Trust Alliance finds that over 90% of data breaches resulting in data loss could have been prevented.

The Online Trust Alliance (OTA) has analyzed more than 1,000 data breaches from 2014 and concluded that as many...

as 90% of them could have been easily prevented.

The OTA studied data breaches from 2014 that involved the loss of personally identifiable information (PII) and found that those breaches could be attributed to one of four causes: 40% by external intrusions; 29% by employees, either accidentally or maliciously; 18% by lost or stolen devices or documents; and 11% by social engineering or fraud.

According to the OTA, 90% of these data breaches could have been easily avoided by strengthening internal controls.

"Businesses are overwhelmed with the increasing risks and threats, yet all too often fail to adopt security basics," said Craig Spiezle, executive director and president of OTA.

To help organizations with those security basics, OTA has released two companion guides: one covering security best practices and controls, and one for security risk assessment.

One pixelInsider threat prevention controls to thwart
data breach incidents

The best practices suggestions include detailed tips for 12 "critical yet achievable" security items, like enforcing effective password management policies, conducting regular penetration tests and vulnerability scans, implementing a mobile device management system (MDM), and developing, testing and refining a data breach response plan.

The guide for security risk assessment aims to help organizations follow industry and regulatory best practices, and follow the four general steps to risk assessment: threat assessment, vulnerability identification, risk determination and control recommendation.

OTA plans to present these guides and research findings in a series of three "town hall" meetings scheduled in Silicon Valley, Calif., on Jan. 28;  New York on Feb. 3; and Washington D.C. on Feb. 5. The events will include sessions featuring leaders from the FBI, Secret Service, the New York and California Attorney General's office, Twitter and more, and will cover major data breaches from the past year, including those impacting  Sony and Home Depot.

Next Steps

Learn 10 easy steps to creating a data breach response plan.

Dig Deeper on Data security breaches

PRO+

Content

Find more PRO+ content and other member only offers, here.

Join the conversation

2 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Does your company follow the risk assessment and security best practices suggested by OTA?
Cancel
I expect 100% could have been prevented.

1. Encrypt your data.

How many of these incidents were of unencrypted data?
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close