March 2018 Data Breach Update


The business sector was the leader for the number of data breaches in March 2018 with 45 breaches. These are breaches that are confirmed through media sources and/or notifications from state governmental agencies. The medical/healthcare industry had the second highest percentage of recorded breaches at 21 percent (19 breaches).

Both the business sector and the education sector saw an increase in breaches in March over the prior 2 months.

Looking at the method of compromise, hacking attacks represented nearly one-third of the breaches during the month of March. Of these incidents, 46 percent involved placing ransomware on the system and 36 percent identified phishing as the attack method.

Unauthorized access hit the financial industry the hardest in March with 77 percent of the breach notifications in this sector citing this as the cause of the breach. This compares to 32 percent in the medical sector and 31 percent in the business industry. Employee error/negligence/improper disposal/loss made up 14 percent of the overall total of breaches in March.

See the monthly breach report for March here. 

Data Breaches in March

Facebook/Cambridge Analytica – not your typical data breach. The use of millions of Facebook users’ personal – and potentially private – information that was obtained by Cambridge Analytica

The organizations involved have yet to share some information that could put social media users at increased vulnerability to identity theft, including which aspects of the users’ profiles were used in the data mining process.

Physical address, phone numbers, email addresses, payment methods attached to their social profiles and other information that could be used to assume or create an identity are all part of a user’s Facebook profile. More details.

Florida Virtual Schools

Florida Virtual Schools announced a breach affecting students, parents, and teachers. The cause of this data breach was a misconfigured server that exposed a wide range of personal identifying information including, but not limited to: some current and former teachers’ social security numbers, names, contact information, date of birth, demographic and emergency contact information.


Orbitz

Orbitz contacted several Attorneys General offices regarding the hacking of its travel booking platform Orbitz.com. This incident exposed 880,000 records including full name, payment card information, date of birth, phone number, email address, physical and/or billing address and gender.

Under Armour/MyFitnessPal

Under Armour notified customers regarding a breach of its MyFitnessPal platform. Usernames, email addresses, and passwords of 150 million users were exposed as a result of this incident.

Avoid Data Breaches

An important point to remember about cybersecurity and data breaches is that bad actors persistently and effectively execute attacks, and you are a target. All you can do to avoid data breaches is have a cyber defense that is prepared, ready, and able to thwart the enemy’s attacks.

Here’s what we recommend:

  • Build a human firewall with Security Awareness Training. Make your employees independent security officers because they are your first line of defense.
  • Vulnerability Management. To understand where you need to improve, you need to understand where your vulnerabilities are. We can help you identify where the gaps are in your infrastructure.
  • Patch Management. After we know where the gaps are, we apply a patch management policy to your infrastructure to make sure those gaps are filled in.
  • Endpoint Detection and Response. No OS or software is going to be 100% perfect – there are always going to be holes in it – so we have included EDR, a layered next-generation antivirus system. We can block viruses as well as dive into the systems to see what types of attacks are happening.
  • Managed SIEM with Security Monitoring. Our 24×7 SIEM is the aggregator of all information. This correlates all the data in your system, which helps us determine if something is odd on your system.

And we can do it all with an affordable, all-in-one monthly subscription: Cybriant PREtect.

On-Demand Webinar: Phishing Attack Landscape and Benchmarking


New Study: Is Your Phish-Prone Percentage Better or Worse Than Your Peers in the Industry?

One of your important IT security projects is getting the Phish-prone percentage of your users as low as possible because phishing is the root cause of many security breaches.


But how are you doing compared to “similar-size peers” in your industry?

Our partner, KnowBe4, just completed a big-data analytics exercise over the 15,000 customers we have and came up with new baseline phish-prone percentages, and how fast they drop over time. To say the least, the numbers are very interesting, and this time we also broke them out by industry and size, showing the most at-risk industries.

With so much data to analyze, the new research uncovered some surprising results. The overall industry initial Phish-prone percentage benchmark turned out to be a troubling 27%, but with variations by size and industry.

Fortunately, the data showed that this 27% can be brought down by more than half to just 13% in only 90 days by deploying new-school security awareness training. The 365-day results show that by following these best practices, the final Phish-prone percentage can be minimized to 2.17% on average.

Key topics covered in the research:

  • New phishing benchmark data by org size and industry
  • Understanding the current phishing landscape
  • Most clicked simulated phishing attacks
  • Top 10 “In the Wild” reported phishing emails

Watch the on-demand webinar to see how you stack up!
