Financial sector most at risk for internal breaches, says new security report


As we enjoy these early days of March, it’s important to look back and see what we can learn from the past month. In some cases, that means learning just how many data breaches companies encountered and had to deal with in that month alone. The California Department of Justice has just released the California Data Breach Report for February 2016, taking a look at all the data breaches, security failures, and hack attacks that occurred that month.

“With more of our personal information online, it is imperative that organizations employ strong privacy practices,” California Attorney General Kamala D. Harris states in the introductory message. “Foundational to those privacy practices is information security: if companies collect consumers’ personal data, they have a duty to secure it. An organization cannot protect people’s privacy without being able to secure their data from unauthorized access.”

An Overview of Threats

Overall, there are three different types of breaches: malware and hacking, physical breaches, and breaches caused by errors. Of course, the specifics in those breaches create multitudes of categories (just the different types of malware alone could take up an entire new report), but that’s a simplified view.

By far, malware and hacking posed the biggest threat to organizations. They’re the cause of more than half the reported breaches, as well as every breach that hit more than a million records. If you’re in the retail sector, nine times out of ten malware will be the cause of a breach, particularly for stealing personal information or credit card numbers.

Of course, there are more than credit cards at risk of a data breach. The report looks at the types of data breached, and the most-targeted type of information is sensitive personal info. That includes not just names and addresses, but Social Security numbers, medical information, and tax records. In fact, nearly half of the breaches involved stolen Social Security numbers, which means a lot of people were put at risk for identity theft.

Mind you, payment card data was still a huge target, but the report notes that as retailers begin making the transition to chip-enabled payment cards, credit cards will become a less attractive target, so criminals will turn their attention more towards Social Security numbers. By the time the 2017 report comes out, we can expect to see stolen SSN data going from just under half of the breaches to well over half.

Industries at Risk

As the report also divides up the attacks by industry, we can see what sectors were the most prominently targeted. Topping the list is retail, and as previously mentioned, 90 percent of all retail data breaches were caused by malware or hacks, particularly ones stealing credit card data. The financial sector was close behind, mostly resulting in stolen Social Security numbers. The most disturbing part about that, though, is the report’s mention that it’s the sector most vulnerable to breaches through internal mistakes, such as employees simply making a small error and falling for a phishing scam.

To Every Problem, a Solution

Fortunately, the report offered solutions to the many problems it noted. Businesses are already required to use “reasonable security procedures and practices,” although what exactly qualifies as “reasonable” can be a matter of opinion. The report not only includes the minimum level of information security that organizations should use, but also suggests multi-factor authentication for all consumer accounts, strong encryption, and fraud alerts. It even has recommendations for state policymakers, to try and bring about organized and universal state breach laws.

The full report is incredibly lengthy, covering past information from 2012 up until the present to see how trends and threats have changed over the years. If you want to be in the know about the latest threats and how to combat them, take a look and see what you can do to keep your systems and information safe.
