Data breaches are all over the news. Yahoo admitted that at least 500 million user accounts were affected by a 2014 cybersecurity breach. The 2016 election season was filled with revelations gleaned from stolen emails. The Justice Department, Internal Revenue Service, the US Navy, and Snapchat all suffered breaches in 2016. The list seems endless. Most significant, however, were the 2015 breaches of the Office of Personnel Management (OPM), which experienced two separate cybersecurity incidents that resulted in stolen personnel files of almost 22 million people who had undergone background investigations.
While the technology and government sectors have endured arguably the largest breaches we’ve seen in recent history, other businesses aren’t excluded from these security disasters. In fact, 15% of global businesses estimate their company’s sensitive data was potentially compromised or breached over a 12-month period, according to Forrester data. This number may be low, however, as companies traditionally do not publicly report breaches if they can avoid it. Some breaches, such as the one at Target, get reported in the media, and then the company must acknowledge the breach. Also, new SEC rules requiring a data breach report if the breach may have a material impact on the stock price have revealed other breaches that might otherwise have flown under the radar. With breaches on the rise, how can today’s security professionals transition from a reactive method of security to one that proactively identifies and eliminates threats?
Read the full article by John Kindervag at DarkReading.