• Identity Theft Resource Center (ITRC) published its latest compilation of confirmed data breach notifications affecting US organizations and customers so far this year
• 1,120 total breaches and more than 171 million records exposed is frightening
• In all of 2016, the ITRC reported 1,039 total breaches and just over 36.6 million records exposed
• What really stands out is the numbers that remain unknown
• Breaches and the number of records exposed are in five categories
• 1-Banking/Credit/Financial, 2-Business, 3-Educational, 4-Government/Military, 5-Medical/Healthcare
• Here is the one-page summary  and the the full report that is truly eye-opening.

In its half-year analysis of the 2017 US data breach landscape, the ITRC and CyberScout noted the following about the sources of identified data breaches:

• Hacking (a category that includes phishing, ransomware/malware, and skimming) was the primary method of attack in 63% of the overall breaches.
  • Phishing figured into 47.7% of hacking-based attacks.
  • Ransomware and/or malware was identified in 18.5% of attacks attributed to hacking.
• Employee-driven factors (i.e., error, negligence, improper disposal, and loss) were the root cause of 9% of breaches.
• Accidental online exposure of data was identified in nearly 7% of breaches.

In examining these causes, it’s clear that employee behaviors figure into a large number of data breaches — and that human factor is costly. But the question is: Do your employees truly know how to avoid mistakes?

We’d make the case that users can’t forget things that they they’ve never known. Awareness is not knowledge. Simulated phishing attacks — while valuable assessment tools — are not training. And cybersecurity threats extend beyond the phish. To manage end-user risk more effectively, you must give your employees a seat at the table and empower them to be part of the solution — and thoughtful, ongoing security awareness training can help you do just that.