In its most recent report on July 29, the ITRC revealed a 20.1% increase in reported security breaches since this time last year. Twenty breach incidents were added in the past week alone.
Overall year-to-date breach report breakdown by sector:
44.5% Medical/healthcare — nine added last week
33.2% Business — six added last week
11.6% Government/Military — three added last week
10.7% Education — two breaches added last week
ITRC has documented 633,162,066 total records containing personally identifiable information compromised from 4,679 breaches reported since 2009.
Those are astonishing numbers; yet, according to the U.S. Secret Service, many data security breaches go unreported.
A French information security company recently admitted knowing about a serious Internet Explorer vulnerability for at least three years before disclosing it publicly.
“This critical zero-day vulnerability that affected versions 8, 9, 10 and 11 of Internet Explorer browser allowed attackers to remotely bypass the IE Protected Mode sandbox. An attacker can exploit this issue to gain elevated privileges.” (The Hacker News July 2014)
Microsoft kept an IE 8 zero-day remote code execution vulnerability hidden from October 2013 until it could issue a patch this year.
There may have been justification for hiding knowledge of breaches and security flaws in the past, but now that three cyber security bills have passed through the Senate, and will likely pass through the House, entities both private and public will have a responsibility to report such information in a collaborative effort to protect US critical infrastructure.
EdgeWave’s Military-grade Cyber Security is an essential part of any organization’s current and future reporting needs. The preemptive nature of EdgeWave’s Security Services prevents zero-day exploits from interrupting the flow of legitimate daily business, while creating the transparent environment that will be increasingly required by the DHS and other regulatory agencies.