- Breaches and the number of records exposed are broken down into five categories.
- Here is the one-page summary and the full report, which is truly eye-opening.
|Total Number of Breaches||Total Number of Records Exposed||Number of Breaches with Total Records Identified||Number of Breaches with Total Records Unknown|
In its half-year analysis of the 2017 US data breach landscape, the ITRC and CyberScout noted the following about the sources of identified data breaches:
- Hacking (a category that includes phishing, ransomware/malware, and skimming) was the primary method of attack in 63% of the overall breaches.
- Phishing figured into 47.7% of hacking-based attacks.
- Ransomware and/or malware was identified in 18.5% of attacks attributed to hacking.
- Employee-driven factors (i.e., error, negligence, improper disposal, and loss) were the root cause of 9% of breaches.
- Accidental online exposure of data was identified in nearly 7% of breaches.
In examining these causes, it’s clear that employee behaviors figure into a large number of data breaches — and that human factor is costly. But the question is: Do your employees truly know how to avoid mistakes?
We’d make the case that users can’t forget things that they’ve never known. Awareness is not knowledge. Simulated phishing attacks — while valuable assessment tools — are not training. And cybersecurity threats extend beyond the phish. To manage end-user risk more effectively, you must give your employees a seat at the table and empower them to be part of the solution — and thoughtful, ongoing security awareness training can help you do just that.