Last month, we explored how data gets compromised in confirmed data loss incidents as reported in the 2018 Data Security Incident Response Report from the law firm of BakerHostetler. However, what data is most at risk of being lost, and why does it have value?
As we discuss in our “Cybersecurity Express” Security Awareness Training sessions, BakerHostetler reports the frequency in which certain data types were lost:
- Social Security Numbers, 46%
- Health information (PHI), 39%
- Other confidential information, 26% (including student ID numbers, User Name & Password credentials, Intellectual Property)
- Birthdate, 24%
- Financial data, 15%
- PCI data, 12%
- Driver’s license, 10%
A person’s name in conjunction with these types of data can be leveraged by those with malicious intent to create false passports and other forms of identification, or to create false bank accounts and tax returns for illicit financial game. As a result, a single record of known good information, consisting of a name and one of these pieces of personal information sells on the dark web for between $8 and $10 per record. With news stories of breaches consisting of thousands to millions of records, the financial incentives for cybercriminals are huge!
Be sure you business is leveraging the appropriate physical, technical, and administrative controls to keep data secure so that you can Keep Calm and Compute On!