4 Important Takeaways From Verizon’s 2016 Data Breach Investigations Report
According to Verizon’s 2016 Data Breach Investigations Report, cyber criminals are exploiting well-known methods and published vulnerabilities in the majority of data breaches. In fact, four key findings reflect some repeated themes in the cyber security community:
1. Money motivates. According to the report, about 80 percent of all examined attacks were motivated by financial gain. Despite a slight uptick last year, attacks motivated by espionage remained a distant second, accounting for roughly 9 percent of attacks.
2. Attacks exploit known weaknesses. Cyber criminals are opportunists who attack through known vulnerabilities. The top 10 known vulnerabilities account for 85 percent of attacks.
3. Poor passwords are a problem. Sixty-three percent of the examined data breaches involved the use of weak, stolen or default passwords.
4. Ransomware is on the rise. Ransomware attacks increased by 16 percent over the 2015 report’s findings.
According to Verizon, 95 percent of breaches and 86 percent of security incidents fall into nine identifiable patterns. That means that companies and security experts understand the threats and can prepare accordingly:
• Understand the attack patterns that are most common for your industry.
• Implement two-factor authentication.
• Apply patches promptly.
• Train your staff on known security threats.
Email Privacy Act Passes House; Could Encounter Opposition in Senate
Last month, the U.S. House of Representatives passed the Email Privacy Act, a bipartisan bill designed to reform the Electronic Communications Privacy Act (ECPA) of 1986, by a vote of 419 to 0. Supporters of the bill hail it as a long-overdue reform that ensures privacy by closing legal loopholes that allowed government officials to conduct warrantless data searches. However, critics say that the new bill would hinder criminal and civil investigations, which may result in opposition from the Senate.
Major Changes to the ECPA
The Email Privacy Act closes a loophole found in the older ECPA that privacy advocates say government agencies have been exploiting for years. The ECPA, originally passed in 1986, didn’t adequately anticipate the prevalence of cloud storage, and, as a result, provided insufficient security measures for data stored in the cloud. Specifically, it allows government agencies to access emails, data or other communications that have been in cloud storage for more than 180 days without first securing a warrant. The new bill closes that loophole, thereby making warrantless data searches illegal.
Opposition to the Bill
As the bill moves to the Senate, some authorities have voiced their opposition to passing the bill in its current form. Law enforcement agencies fear that the provisions might be too strict. Agencies like the FBI noted that they’ve adopted the practice of acquiring warrants before conducting data searches of cloud-stored data, despite not technically needing them. Moreover, they worry that the new restrictions could hinder time-sensitive investigations.
The bill also faces opposition from civil agencies, like the IRS and the Securities and Exchange Commission (SEC), which would like to see an exception made for them. Unlike criminal investigative agencies, civil agencies can’t petition for a warrant, and, thus, might be unable to access data relevant to their investigations, even with probable cause. The bill’s advocates argue that making private data harder for agencies to access is precisely the bill’s point.
The Bill’s Future in the Senate
For now, the bill moves to the Senate, where it has 26 co-sponsors. If the Senate amends or alters the bill in any way, it would then have to return to the House and be passed all over again. As always, you can trust your partners at Kelly Insurance Agency to monitor these developments and keep you informed of any legislation that could affect your business.
This publication is for informational purposes only. It is not intended to be exhaustive nor should any discussion or opinions be construed as compliance or legal advice. In relation to any particular problem which they may have, readers are advised to seek specific advice. Further, the law may have changed since first publication and the reader is cautioned accordingly.
© 2016 Zywave, Inc. All rights reserved.