Nine of Ten Breaches Easily Avoidable, Study Finds

Consumers are experiencing data breach burnout and aren't taking steps to protect themselves, data from Experian suggests.
Nine of every ten data breaches in 2015 could have been “easily prevented,” according to a study by the Online Trust Alliance.

In-brief: Nine of every ten data breaches that occurred in the first eight months of 2015 were “easily avoidable,” according to a study released by the Online Trust Alliance (OTA) on Tuesday.

Nine of every ten data breaches that occurred in the first eight months of 2015 were “easily avoidable,” underscoring the need for private sector investment in tools and processes to thwart cyber criminals. That is according to a study released by the Online Trust Alliance (OTA) on Tuesday.

Ninety-one percent of data breaches that occurred from January to August of 2015 could easily have been prevented using simple and well-established security practices, such as applying software patches to a server, encrypting data or ensuring employees do not lose their laptops, said OTA, which analyzed over 1,000 breaches involving the loss of personally identifiable information (PII) in 2015.

Hacks accounted for a minority of those incidents: 34 percent. In contrast, 30 percent were caused by employees who leaked data accidentally or maliciously.

The OTA released guidelines for businesses to follow and called on the private sector to do a better job assessing what data it must retain for business purposes and then applying strict security to that data.


“Organizations need to regularly review how they store, manage and secure their data. A plan needs to include prevention, detection, notification, remediation and recovery processes and operations,” the group said.

The Online Trust Alliance (OTA) is a non-profit industry group created to “enhance online trust” by raising awareness of security and privacy issues affecting businesses and consumers. Its members include leading technology firms, retailers and others, among them Microsoft, Twitter, The Gap, Verisign and Symantec.

Businesses and other organizations are too quick to collect customer and user data and too slow to protect it, the group has argued. That makes them attractive targets for hackers.

In recent months, the group has championed guidelines for holiday season shoppers buying connected gifts. It has also issued a guide for would-be homebuyers to assess the security of connected or “smart” home features prior to purchase.

For its announcement on Tuesday, which is timed to coincide with Data Privacy and Protection Day on January 28th, OTA issued a range of guidance documents for businesses covering everything from cyber forensics to risk assessment to considerations when shopping for cyber security.