Dissecting Data Breaches, Debunking Myths

Trend Micro’s report on data breaches provides insight into how retailers can defend against hackers.

September 23, 2015

IRVING, Texas – Major data breaches continue to dog corporations and consumers alike. So far this year, CareFirst BlueCross BlueShield, Office of Personnel Management and Anthem were among companies hacked. Trend Micro’s new report “Follow the Data: Dissecting Data Breaches and Debunking Myths” sheds light on the end-to-end process of a hack and the ways stolen data is leveraged.

In the report, Numaan Huq of the Forward-Looking Threat Research (FTR) Team analyzes each element within a data breach including attack methods, motivations and how stolen data is used. Huq also provides key insight for businesses looking to understand the nature and likelihood of breaches in their industry.

The report examines the top five industries most frequently breached, including retail, and the cybercriminal methods used to steal data. Trend Micro diagnoses data breaches to determine attack methods, extent of damage and the probability of which data is more likely to be stolen or lost based on industry. The company analyzes what data was stolen, by whom, and potential ways it will be leveraged. Finally, the report discusses defense methods for organizations to integrate within business operations to mitigate fallout, including a response plan for successful attacks.

Huq has examined 10 years of information on data breaches (2005–2015) in the United States from the Privacy Rights Clearinghouse (PRC) to better understand the real story behind data breaches and their trends. For example, he found that credit- and debit-card data breach incidents have increased 169% over the past five years. But surprisingly, credit and debit card, bank account, and personally identifiable information have all plateaued or are dropping due to oversupply in terms of prices on the underground marketplace, while the value of compromised Uber, PayPal and online poker accounts are rising.

Industries analyzed in the report include healthcare, government, retail, financial and education. The report also provides an update on the state of data breach legislation in the United States. The full report may be downloaded here

Advertisement
Advertisement
Advertisement