[BreachExchange] Global Orgs See 82K Cyber Incidents in 2016

[Inga Goddijn]

https://www.infosecurity-magazine.com/news/global-orgs-see-82k-cyber/

*2016 saw approximately 82,000 cyber incidents that negatively impacted
businesses and organizations around the globe; or, more than 225
organizations affected per day. It's higher when accounting for unreported
incidents.*

That’s the word from the Online Trust Alliance (OTA) 9th annual Cyber
Incident & Breach Response Guide. Released in recognition of Data Privacy &
Protection Day on Jan. 28, the guide shows that an average of 225
organizations were impacted worldwide every day, more than 20 times the
rate of the consumer data breaches reported for 2016.

According to OTA, cyber incidents involve business interruption from
ransomware, stealing of funds via business email compromise (BEC),
distributed denial of service attacks (DDoS), and takeover of critical
infrastructure and physical systems.

Examples include attacks on the Democratic National Committee
<https://www.infosecurity-magazine.com/news/russians-accused-of-hacking-dnc/>
which focused on unearthing political data and campaign intelligence for
reputational harm, the breaching of the World Anti-Doping Agency
<https://www.infosecurity-magazine.com/news/russian-hackers-leak-simone-biles/>
database which resulted in the public disclosure of confidential medical
data of world-class athletes, ransomware which resulted in the Hollywood
Presbyterian Medical Center
<https://www.infosecurity-magazine.com/news/hollywood-hospital-paid-17000/>
being taken offline for weeks and BEC, which successfully extracted
millions of dollars in unauthorized bank transfers.

“The high-profile cyber incidents of 2016 have taught us that financial
loss is only one of many other potential dangers of cybercrime,” said Craig
Spiezle, executive director and president of OTA <https://otalliance.org/>.
“Organizations are susceptible to security threats, reputation damage and
much more. It is essential for all organizations to plan ahead and secure
technologies, processes and procedures to help prevent, detect, remediate
and respond to the impact of a cyber incident.”

OTA came to its conclusions by tracking and analyzing threat intelligence
data from multiple sources, including from the Anti-Phishing Working Group
(APWG), the FBI, the Global Cyber Alliance, Infoblox, Interpol,
Malwarebytes, Microsoft, Risk Based Security, Security Scorecard, Symantec,
the US Secret Service and Verisign.

OTA also determined that more than 90% of all cyber incidents in 2016 could
have been easily prevented. As outlined in OTA’s Guide, the best defense is
a three-step strategy: Implement a broad set of operational and technical
best practices that help maximize the protection of customer and company
data; be prepared with an incident response plan that allows the company to
respond with immediacy, while ensuring maximal business continuity; and
understand that human factors play a critical role in how strong or weak an
organization’s security defenses are, how they respond and most importantly
how their actions are judged.

“Establishing safeguards upfront and being prepared to react strategically
to cyber incidents are critical components of any healthy and sustainable
enterprise,” said Johan Roets, CEO of Identity Guard
<http://www.identityguard.com/>. “Following OTA’s advice, as outlined in
this guide, is an essential first step in protecting data and helping to
decrease data loss incidents.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170126/a1fbd2f9/attachment.html>