Written By ESR News Blog Editor Thomas Ahearn
The 2015 Q1 IBM X-Force Threat Intelligence Quarterly report has revealed at least one billion records of Personally Identifiable Information (PII) were leaked in 2014, nearly 20% higher than in 2013 when approximately 800 million records were breached. The report also found that the number of security incidents in the United States (74.5%) was far higher than in other countries. The report can be downloaded at http://securityintelligence.com/xforce-report-Q1-2015/.
According to the article ‘Are Cracks in the Digital Foundation of the Internet Crumbling the Core?’ by IBM X-Force Threat Response Manager Leslie Horacek, “2014 saw a surge in the disclosure of ‘designer vulns’ and security incidents targeting more than financial gains.” Horacek also added that there were three “distinctive” and “overarching” themes for security incidents in 2014:
Privacy in a Digital World
- Sensitive photos stored on a cloud service — which in itself is not fundamentally flawed — resulted in stolen data due to weak passwords, easy-to-guess security questions and service providers’ lax policies on brute-force authentication.
- Private email communications at a major Hollywood studio were released.
Cracks in the Foundation
- Critical vulnerabilities disclosed across several foundational systems (operating systems, open-source libraries and content management software) resulted in many exploited websites.
- Underlying libraries that handle cryptographic functionality on nearly every common Web platform — including Microsoft Windows, Mac OS X and Linux — were vulnerable to fairly trivial remote exploitations capable of stealing critical data.
Lack of Security Fundamentals
- End-user password reuse.
- Leaving default passwords on admin systems.
- Poor challenge questions for password reset procedures.
Horacek recommends that businesses focus on the basics, noting that “security fundamentals, such as password diligence, can provide a base level of protection that is invaluable.” The article is available on SecurityIntelligence.com at http://securityintelligence.com/cracksinthefoundation#.VQhu4md0wS8.
ESR SOC 2 Report
The Employment Screening Resources (ESR) SOC 2 Audit Report confirms that ESR meets high standards set by the American Institute of Certified Public Accountants (AICPA) for protecting the security, confidentiality, and privacy of consumer Personally Identifiable Information (PII). Learn more at http://www.esrcheck.com/SOC-2/.