The Sm@rtEdgeLaw Group

- "Smart companies need a Sm@rtEdge" TM

1+ Billion Records Exposed So Far in 2016

Perhaps the most damning findings of the mid-year Data-Breach Quick View Report are:

  • First, attackers continue to have broad success using tried and true techniques – That the same techniques (and we’re not talking about zero-day attacks) pay off time and time again is a sad testament to human nature and inertia.
  • Misconfigured databases continue to serve up large amounts of data – The majority of attacks (77.6%) so far in 2016 resulted from outside hacks that were successful due to databases with known or unpatched/uncorrected weaknesses.
    • For example, a MacKeeper security researcher discovered a misconfigured MongoDB hosted on AWS servers located in the United States that contained personal information on 93.4 million Mexican voters.  Breached.
    • And these attacks, like lightning, hit the same target again and again.  The Report notes 54 organizations in the first half of 2016 reported multiple incidents.
  • Reusing log-in credentials across multiple sites can have cascading effects across many organizations – Passwords are a growing (and increasingly recognized) weakness.
    • As the number of breaches grows, more and more password databases have been compromised, allowing criminals and hackers to tune their password cracking databases.
    • The situation has led to the National Institute for Standards and Technology (NIST) to generate a draft of new guidelines for federal password polices, including a strong push to two-factor authentication – see Special Publication 800-63-3: Digital Authentication Guidelines at https://pages.nist.gov/800-63-3/ and a quick slide presentation by draft co-author, Jim Fenton, Toward Better Password Requirements at http://www.slideshare.net/jim_fenton/toward-better-password-requirements)

Conclusion The Report is a useful refresh to discuss with your own IT dept, to use as a check of your company’s contract templates and data protection “addendums” (like SmartedgeLaw’s state of the art exhibit) to ensure that obligations to be imposed on vendors include specific safeguards against the most common data breach incident vectors. Feel free to contact us to discuss the report at 203 307-2665 or email at info@smartedgelawgroup.com if you have any questions about what the Report may mean in light of your own data security and privacy efforts.

SIgn up for “Smartedge Perspectives” Alerts

Updated: 09/06/2016 — 3:32 pm

The Author

R Santalesa

(p) 203.292.0667 (e) rsantalesa@smartedgelawgroup.com Richard Santalesa is based in Fairfield, Connecticut and New York City.
© 2014 Sm@rtEdge LLC. All Rights Reserved. Attorney advertising. Prior results do not guarantee a similar outcome. Site Map Privacy Policy Frontier Theme
%d bloggers like this: