Online Trust Alliance Exposes How Rash of Ransomware Could Have Been Avoided

databreachThe Online Trust Alliance (OTA) has just released its 2016 Data Protection and Breach Readiness Guide.

This week, the non-profit organization with the mission “to enhance online trust,” shared the report’s findings with MMW.

The guide, in a nutshell, provides prescriptive advice to help businesses optimize online privacy and security practices, and detect, contain and remediate the risk and impact of data loss incidents.

As part of the report, OTA analyzed key cybersecurity and online privacy trends.

“Much like surge pricing for taxis, cybercriminals now target and calculate their ransomware pricing based on company size, market value and much more,” says Craig Spiezle, Executive Director and President of OTA. “Cyber-surge pricing of corporate data is becoming widespread, increasing the impact and costs for businesses and their employees worldwide.”

Astonishingly, OTA found 91 percent of data breaches that occurred from January to August of 2015 could have “easily been prevented” by, for example, patching a server, encrypting data or ensuring employees do not lose their laptops.

OTA also announced that when analyzing over a thousand breaches involving the loss of personally identifiable information (PII) in 2015, it found actual hacks accounted for 34 percent of all incidents, while 30 percent were caused by employees—accidentally or maliciously—due to a lack of internal controls. The balance of incidents can be primarily attributed to lost or stolen devices (7 percent) and social engineering/fraud (8 percent). Lost, stolen or misplaced documents accounted for 9 percent of all incidents.

“As companies amass larger quantities of diversified data and increase their reliance on third party service providers, every business must have safeguards in place and be prepared to react strategically in the event of a breach,” said Neil Daswani, Chief Information Security Officer at LifeLock. “Cybercriminals aren’t just targeting companies that collect consumer data, they are going after confidential high-value data from legal, accounting, architecture and engineering firms.”

To learn more, check out the  2016 Data Protection and Breach Readiness Guide.