According to a February 2016 California data breach report issued by the California attorney general’s office, the majority of data breaches are easily preventable if basic security measures are adopted. Had companies doing business in the state of California implemented industry best practices and adhered to federal and state regulations, the privacy of millions of Californians would have been protected.
However, that was not the case and over the course of the past 4 years close to 50 million state residents have had their private data exposed as a result of data breaches suffered by government and private organizations.
The California data breach report includes a summary of data breaches reported to the attorney general’s office between 2012 and 2015. From 2012, the California Attorney general’s office needed to be notified of a breach of personally identifiable information if more than 500 state residents were affected.
Between 2012 and 2015, 657 data breaches were reported. 49.6 million state residents had their personally identifiable information exposed.
In almost half of cases, Social Security numbers were obtained by cybercriminals or were exposed as a result of the loss or theft of devices used to store personal information.
2015 was a Bad Year for Data Breaches in California
The California data breach report was compiled following a particularly bad year for Californians. In 2015, 24 million state residents had their personal information exposed. That equates to one in three Californians. To put the figure into perspective, in 2012 only 2.6 million state residents were affected by data breaches.
The California data breach report was compiled to show just how bad the current situation is. According to State attorney general Kamala D. Harris, the report should serve as a “starting point and a call to action for all of us.” The situation must improve.
Harris points out in the introduction to the 2016 Californian data breach report that “many organizations need to sharpen their security skills, trainings, practices, and procedures to properly protect consumers,” she goes on to say that if a company chooses to store private and confidential data on state residents, that company has a “legal obligation to adopt appropriate security controls.”
California Data Breach Report Summary
The main findings of the 2016 California data breach report are listed below:
- The biggest data security threats are malware and hacking
- Malware and hacking exposed 54 percent of records and accounted for the most data breaches (365)
- Malware and hacking attacks have grown by 22% in 4 years and caused 58% of breaches in 2015
- Malware and hacking caused 90% of retail data breaches
- Physical breaches (loss and theft of devices) accounted for 27% of all reported breaches.
- Physical breaches are declining: They fell from 27% in 2012 to 17% in 2015
- Errors and employee/employer negligence accounted for 17% of data breaches
- Medical records were exposed or stolen in 19% of reported breaches
- Payment card information was stolen in 39% of data breaches
- Small businesses reported 15% of data breaches
According to the new California data breach report, the retail sector suffered the most, accounting for a quarter of all data breaches reported in the past four years. Those security incidents resulted in the exposure of 42% of the total number of records exposed in the past four years. The financial sector was in second place with 18% of breaches, while the healthcare sector was third being involved in 16% of data breaches.
Data Breach Prevention – Improve Protection Against Malware
The prevention of cyberattacks requires multi-layered security systems, although in the majority of cases data breaches were found to be the result of a failure to update software and apply patches. The security vulnerabilities that were exploited by hackers or used to install malware had been discovered and patched. In the majority of cases, patches had existed for over a year but had not been installed.
Malware is commonly used as a way of gaining access to computer systems used to store valuable consumer data. Malware is often delivered via spam email campaigns. A robust and powerful anti-spam solution should be implemented to catch malicious emails and prevent them from being delivered to user inboxes.
If staff are also trained to identify malware and potentially harmful emails and attachments, a great deal of malware infections can be prevented. However, email is not the only malware delivery mechanism. Cybercriminals are increasingly using exploit kits to probe for security weaknesses in browsers and browser plugins. Those vulnerabilities can be exploited and used to download malware without any user interaction required.
These infections are referred to as drive-by attacks, and they can occur if a user can be directed to a malicious website or a site that has been compromised by cybercriminals.
Third party advertising networks can contain adverts with malicious links that direct visitors to sites where drive-by attacks can take place. Those adverts can appear on legitimate websites. Even some of the biggest sites on the Internet have been discovered to display malvertising. These threats must be dealt with to prevent data breaches from occurring.
Protecting against malware delivery via the Internet requires a different solution: a web filter.
Protect End Users from Web-Borne Malware Threats with WebTitan
WebTitan offers a range of web filtering solutions for the enterprise to protect end users from web-borne threats such as malware, ransomware, viruses, Trojans, and memory-resident malware threats. Solutions have also been developed to keep Wi-Fi networks and hotspots free from malware.
By implementing a web filtering solution, end users can be prevented from visiting websites known to contain malware and from engaging in risky online behavior. By restricting access to potentially dangerous websites, the risk of a malware or ransomware infection can be greatly reduced.
For further information on the benefits of WebTitan’s web filtering solutions contact the Sales team today:
US Sales +1 585 973 5080
UK/EU Sales +44 (0)247 699 3641
IRL +353 91 54 55 00
Alternatively send an email to firstname.lastname@example.org or visit the webpages below: