Data Breach Experts to Board of Directors: Wake the Hell Up

Despite deluge of stolen PII, data breach experts see little change in corporate security behavior

The results of a Ponemon Institute survey commissioned by defense contractor Raytheon suggest that the massive attention generated by recent data breaches has failed “to move the needle” in changing behaviors and attitudes toward information security at many companies.

One of my most trusted sources of information about data breach is Larry Ponemon of the Ponemon Institute. Larry’s data is unbiased, no nonsense and reliable, even though his work is occasionally commissioned by interested parties (like Raytheon). And supported by studies from other data breach experts, we are all screaming at your organization to WAKE THE HELL UP! I rarely use statistics (and only occasional but fully-justified swearing) in my keynote presentations (because I don’t fancy sleeping audiences — or lawsuits), but today I’m going to BOMBARD you with them. Use whichever stat you think will best shock your “head-in-the-scorching-sand” executive out of the destructive malaise that might lead you into an Anthem-like, Sony-style, Target-worthy data breach:

  • Many executives still appear to view a data breach as something that only happens to others (I call this the Arrogance Effect). Further, of the respondents commenting on their senior leaders…
  • 66% DO NOT perceive cybersecurity as a strategic priority
  • 78% HAVE NOT briefed their Board of Directors on their cyber security strategy over the past 12 months
  • 53% of organizations fail to take appropriate steps to comply with leading cyber security standards
  • Only 10% make their information security department responsible for granting access rights. So who controls the other 90%?
  • Despite the risks posed by insiders, 49% have no policies for assigning privileged user access
  • 57% fail to do a background check before assigning privileged credentials

If you haven’t had enough… more from PricewaterhouseCoopers

  • The total number of security incidents detected by respondents climbed to 42.8 million this year, an increase of 48% from 2013.
  • That’s the equivalent of 117,339 incoming attacks per day, every day.
  • The compound annual growth rate (CAGR) of detected security incidents has increased 66% year over year since 2009 (and that’s only the incidents detected and reported)
  • Crimes caused by internal actors are often more costly or damaging than compromises perpetrated by external groups. Yet many companies do not have an insider-threat program in place, and are therefore not prepared to prevent, detect, and respond to internal threats.
  • 65% of top offenders of insider crimes are current and former employees and most of the rest are contractors & consultants

And here’s the kicker for every data breach expert…

  • As incidents are rapidly rising, security spending is falling.
  • Investments in information security budgets declined 4% over 2013.
  • Small organizations, in particular, are not spending on security: Companies with revenues less than $100 million reduced security investments by 20% over 2013.
  • Many organizations have not yet elevated information security to a Board-level discussion. Fewer than half (42%) of respondents said their board actively participates in overall security strategy.
  • Barely 25% said their boards were involved in reviewing current security and privacy risks to their organizations.

Believe it or not, in spite of the rash of massive data breaches, very few Chief Information Security Officers (CISOs) directly report to the CEO (just 14% in the Raytheon survey).

Before the Target data breach, Target had never hired a CISO. Obviously, before the breach happened, it wasn’t important to them either. That was a costly oversight that they will pay for in years to come as the poster child of cyber security data breaches.

John Sileo is an award-winning author and keynote speaker on keeping your organization from becoming the next data breach headline. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Read CreditCards.com Article featuring John!

Shredded bliss: 5 steps to choosing the perfect paper shredder

Protect yourself from identity theft by shredding daily

By Michael Berg

Modern criminals may be stealing personal information electronically through sophisticated online data mining tools, but small-time crooks sorting through food wrappers and dirty diapers in the quest for discarded paperwork still lurk.

In fact, not shredding potentially sensitive documents before you dispose of them is almost like begging to become one of the Federal Trade Commission’s estimated 9 million victims of identity theft in the United States every year. And with adequate shredders available for as low as $50, there’s almost no excuse — every household should have one.

John Sileo can attest to this firsthand. The identity protection expert and professional speaker had his identity stolen twice, and in one of those instances, a shredder could have made all the difference. “Shortly after buying a house, I put some mortgage documents out in the trash, and didn’t think twice about it,” he says. Later “a woman used my identity to buy herself a home. Eventually, she declared bankruptcy as me.”

John Sileo became one of America’s leading Social Networking Speakers & sought after Identity Theft Experts after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.

Health Insurance Fraud: Why pay when you can steal?

Why pay for Health Insurance when you can steal it?

As the economy dropped severely in 2009, the instances of Identity Theft continued to rise. With desperate times and individuals struggling, Medical Identity Theft and Health Insurance Fraud reports by emergency rooms have been higher than normal over the past several months. According to Javelin Strategy and Research, in 2009 Medical Record Theft had the longest length of time, 493 days, between the theft and detection by the insured. This also led to the highest fraud amount of $18,480 and the largest mean consumer cost of $2,987. That means the average consumer who suffers from Medical Identity Theft pays almost $3,000 of his own money to resolve the theft! This shows how the financial repercussions of Medical Identity Fraud are the largest among Identity Fraud types.

There are more than just financial risks to Health Insurance Fraud. If your name is linked with another person’s medical records, their blood type, medical history and medications are recorded on your chart. Inaccurate information can lead to ER and hospital mix-ups with health complications that could prove deadly.

A new article by NPR discusses the many issues and risks with Health Insurance Fraud and Medical Identity Theft. They advise everyone to get a hard copy of their medical records in case they become a victim and have to prove what their medical history used to look like. No matter the fee to do so, I encourage everyone to keep a copy of this in their locked fireproof safe. Hopefully you’ll never have to prove your health history, but at least you will be prepared!

Read National Public Radio’s full article that discusses this rising issue.

Data Breach Speaker: Organized Crime + Vendor Error

Here’s a statistic that’ll get your attention! 285 million records were compromised in 2008 according to a new data breach study from Verizon Business. The report claims that organized crime is responsible for a large increase in the number of breached corporate electronic records.

The report of industries affected by data breach shows that Financial Services was the major gainer in 2008. That industry doubled its percentage of data breaches to 30%, while Retail is still the most affected industry (barely) at 31%. The shift to data breaches in Financial Services will affect all of us more drastically.

According to the study, which Verizon Business compiled using data from the 90 confirmed corporate network breaches it recorded last year, roughly 93% of all records breached came from the financial sector. The company also says that nine out of every 10 of these breaches involved “groups identified by law enforcement as engaged in organized crime.” Verizon says that the 285 million electronic records breached last year were more than the total number of records breached in the past four years combined. The reason for the sharp increase is that attacks on financial firms’ networks have become more sophisticated and successful, the company says. Although only 17% of the attacks studied by Verizon constituted “highly sophisticated” data breaches, these attacks were responsible for 95% of all records breached. Verizon says that cybercriminals are targeting financial service companies’ networks to get customers’ personal identification number (PIN) information in order to withdraw cash directly from their accounts. Cybercriminals are also selling PIN information on the black market, the company says. Read the full report on data breach. (Scroll down when you see “285”.)

Data Breach Speaker John Sileo

Largest Identity Theft Ring Charged

Are you one of the 200,000,000+ Americans (almost 66% of the US population) who had their identity stolen from TJ Maxx, Marshalls, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 or DSW?

If so, you need to know that 11 people, including a Secret Service informant,