Historically, Over 1.2 Billion Records Exposed According to Risk Based Security, Inc.

[InfoSec News <alerts () infosecnews org>]

Forwarded from: Jake Kouns <jkouns (at) opensecurityfoundation.org>

http://www.riskbasedsecurity.com/2012/02/historically-over-1-2-billion-records-exposed-according-to-risk-based-security-inc/


RICHMOND, VA, February 21, 2012 - The global economy may have remained weak in 
2011, but criminal efforts to compromise personal information remained strong, 
according to Risk Based Security, Inc (RBS). The total number of records 
exposed in 2011 topped 368 million and represents the highest annual lost 
records total ever recorded. The previous high mark was in 2009 with over 191 
million records. Even more alarming is that of all the data breach incidents 
reported, 33 percent report that the number of records exposed is unknown and 
thus do not appear in the records total. According to calculations based on 
breach averages by the Open Security Foundation, the exposed records total of 
1,287,334,468, as of December 31, 2011, is potentially understated by as much 
as thirty percent.

Risk Based Security's 2011 year-end Data Breach Intelligence report, recently 
released to customers, shows that four incidents in 2011 have been added to the 
Top 10 all time "records lost" list. When it comes to lost records, sources 
external to the organization dominate by accounting for 86.69% of all records 
lost in 2011. Outside accounted for 60.1% of all lost records during 2010. The 
average number of lost records per incident for 2011 is 374,156. These 
statistics firmly dispute the longstanding notion perpetuated by historical CSI 
/ FBI computer crime surveys and the computer industry that more incidents 
occur as a result of insiders than outsiders.

The RBS Data Breach Intelligence report also revealed that computer-based 
intrusion (i.e., hacking) was responsible for 33 percent of the 2011 breaches, 
totaling 305,809,012 records. This represents 83 percent of the total number of 
exposed records in 2011. "Stolen Laptop", the number one breach type all time 
through 2010, has now been replaced at the top spot by hacking.

The latest information and research conducted by Risk Based Security suggests 
that organizations in all industries need to take note that they face a very 
real threat from security breaches. Whether it is the constantly increasing 
security threats, ever-evolving IT technologies, or limited security resources, 
data breaches and the costs related to response and mitigation are escalating 
quickly. Organizations today need more timely and accurate analytics in order 
to better prioritize security spending based on their unique risks.

[...]


______________________________________________________________________________
Learn how to be a Pen Tester or a CISSP with Expanding Security online. Get
a free class invitation and see how good and fun the program really is.
http://www.expandingsecurity.com/PainPill