The Online Trust Alliance (OTA) has analyzed more than 1,000 data breaches from 2014 and concluded that as many as 90% of them could have been easily prevented.
The OTA studied data breaches from 2014 that involved the loss of personally identifiable information (PII) and found that those breaches could be attributed to one of four causes: 40% by external intrusions; 29% by employees, either accidentally or maliciously; 18% by lost or stolen devices or documents; and 11% by social engineering or fraud.
According to the OTA, 90% of these data breaches could have been easily avoided by strengthening internal controls.
"Businesses are overwhelmed with the increasing risks and threats, yet all too often fail to adopt security basics," said Craig Spiezle, executive director and president of OTA.
The best practices suggestions include detailed tips for 12 "critical yet achievable" security items, like enforcing effective password management policies, conducting regular penetration tests and vulnerability scans, implementing a mobile device management system (MDM), and developing, testing and refining a data breach response plan.
The guide for security risk assessment aims to help organizations follow industry and regulatory best practices and work through the four general steps of risk assessment: threat assessment, vulnerability identification, risk determination and control recommendation.
OTA plans to present these guides and research findings in a series of three "town hall" meetings scheduled in Silicon Valley, Calif., on Jan. 28; New York on Feb. 3; and Washington, D.C., on Feb. 5. The events will include sessions featuring leaders from the FBI, Secret Service, the New York and California attorney general's offices, Twitter and more, and will cover major data breaches from the past year, including those impacting Sony and Home Depot.