
A new website explains data breach risk


Data breaches are so common that even a theft of a billion records of seriously confidential information barely makes the news. It’s business as usual. Part of the problem is that all the data breaches involving our data become melded together. It seems as if all our personal data is already out there — many times over. So, who cares if it happens once (or ten times) more? We’re numb to yet another attack that includes our personal data. In the beginning we feared every announced data breach. Now we don’t fear any.

I’ve previously written about the lack of useful risk management data surrounding most data breaches. Specifically, I didn’t like the lack of pertinent facts around each individual data breach, which doesn’t allow stakeholders to determine how bad the breach really was. For example, if a hospital accidentally leaves behind personal medical information in an old office during a move to new office space, it’s called a data breach and treated by reporting entities and databases as being as serious as a malicious data breach where criminals stole data.

The same is true when a website coding error leaves records exposed and a whitehat hacker publicizes it. It’s treated as if malicious hackers have used the vulnerability to pull every record the website has. “A billion records exposed!” scream the headlines, but there is no proof that anyone maliciously pulled a single record. Exposure is a far different risk from actual theft. Unfortunately, the news media often treats them the same.

Every data breach is usually treated like a bad data breach even if the true risk is something less. In my earlier article, I suggested a data breach rating system like what is already in place for reported software vulnerabilities. I got a good response, including dozens of security experts who agreed with me. A few respondents even said they were working on exactly what I was asking for.

Breach Clarity offers insight to breach risk

Last week, one of them, Jim Van Dyke, CEO of Futurion, showed me his new beta website called Breach Clarity. Van Dyke is a long-time computer technologist and analyst with over 35 years of experience, specializing in fraud and identity management. He has founded several companies, including multiple digital technology-related research firms. He sold his last, Javelin Strategy & Research, and now works full time as an expert witness in major data breach cases. He was on the Consumer Advisory Board of the U.S. federal Consumer Financial Protection Bureau (CFPB) for three years and has testified to the U.S. House of Representatives. Suffice it to say that Van Dyke has some relevant experience in and around data breaches.

Breach Clarity allows any visitor to enter the name of a breached company and find out what information was taken and the relative risk of that particular breach, rated on a scale of 1 to 10, with 10 being the highest. The figures below show two examples, one high risk and the other relatively low risk.
