The Evolution of Data Breach Threats

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.databreachtoday.com/blogs/evolution-data-breach-threats-p-1688

The number of data breaches - both experienced and reported - is expected
to continue to increase, with new security threats and regulations that
push for more transparency on the horizon. For example, the U.S. Government
Accountability Office reported that the number of such incidents involving
personal data increased to 25,566 last year from 10,481 in 2009.

It's clear that protecting federal agencies from data breaches and
cyber-attacks is a priority for the government. A White House working group
on big data and privacy is taking steps toward that goal by researching
national security and data breaches and providing recommendations to ensure
that data is protected.

To better understand what may lie ahead, we need to look at how concerns
about data breaches will evolve over the course of 2014.

Data Breach Cost Will Be Down But Still Impactful.

As more government agencies learn how to identify and respond to security
incidents and data breaches, the cost per record in data breaches will
continue to decrease. However, security incidents and other breaches still
may cause significant network disruption if not properly managed. A key
factor for the reduction includes agencies having a strong security posture
with incident response plans in place.

Cloud and Big Data = Big International Breaches?

Tomorrow's data breaches are likely to be global in nature, adding
significant complexity to the data breach response process. With the rise
of the cloud, significant quantities of sensitive data now travel
seamlessly across national borders very quickly. Yet, while these data
flows are global, the data breach laws and cultural norms for responding to
an incident are local. This makes responding to a large breach a
significant compliance challenge.

With the European Union expected to pass more stringent regulations, the
frequency of reported international data breaches is likely to increase
dramatically.

Healthcare Breaches: Opening the Floodgates

Medical identity theft claimed more than 1.8 million U.S. victims before
the end of 2013. The healthcare industry is entering a new frontier of
security and regulations. The sheer size of the industry, coupled with
health insurance exchanges - which are slated to add millions of
individuals into the healthcare system - increases its vulnerability and
susceptibility to data breaches.

Further, the industry also must comply with the new HIPAA data breach
reporting requirements. Over the next year, reported incidents will rise
and regulations will force organizations to re-evaluate data management
procedures or face hefty fines.

A Surge in Adoption of Cyber-Insurance

The increase in cyber-related data breaches is driving the federal
government to think beyond the traditional technology-centric strategy.
Many companies in the private sector already are looking beyond just
investing in technology to protect against attacks and are moving toward
the insurance market to manage financial ramifications of breaches. While
there are a growing variety of coverage options for companies, the federal
market still is in its infancy.

Not only does cyber-insurance provide a financial remedy, but the process
of evaluating coverage helps many companies improve their security posture
and preparedness as well. With the insurance industry evolving at breakneck
speed, cyber-insurance will start to become a must-have, and the government
should look to this option for agencies.

Breach Fatigue: Rise in Consumer Fraud?

Each day there are security incidents that go unreported, but as laws
change and awareness grows, more breaches are likely to be made public. As
the number of reported breaches in the media increases and the frequency of
notifications that consumers receive grows, the public may become apathetic
toward the subject. This fatigue could lead to significantly more harm by
causing fewer consumers to take action to protect themselves after an
incident, thereby exposing themselves to greater risk. To help fight
fatigue and encourage action, notifications need to be clear and
understandable.

Beyond the Regulatory Check Box

This year, state regulators and law enforcement will devote significant
attention to helping organizations better manage breaches. This includes
expanded enforcement action as well as opportunities to share best
practices in helping to prevent incidents and protect individuals. While a
national data breach law isn't likely to be passed this year, expect one by
the end of the decade.

Looking ahead, it's imperative that the federal government and its
organizations understand the evolving data breach environment and ensure
that their response plans are enhanced continuously to address emerging
issues.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!