Data Breach Reports Need More Detail
Provide information that helps stop future attacks
One of my stories on data breaches.
Free Content on Jobs in Cybersecurity | Sign up for the Email List
Each week I compile the data breaches from the past week and try to determine sources of attack. This week, 2nd Sight Lab is changing the schedule of the updates to come out on Monday for the week prior. Looking at the past week’s news and compiling a list of the data breaches reported from many sources, the information is still not helpful in many cases from a defensive perspective. Simply stating that a company had a breach and attackers got in does not tell us much.
Most of the reports do not help other companies prevent similar attacks because they lack sufficient detail. Stating that an unauthorized person got into systems does not explain how they got into the hosts and networks in the first place. Trying to understand how data breaches happen is why I wrote my Target Breach white paper and analyze other data breaches to help organizations prevent similar attacks.
- Which software, hardware, or network vulnerabilities did the attackers use to gain access?
- Was a particular port exposed?
- Did the attacker leverage phishing or social engineering?
- Did the attacker traverse the internal network?
- Did the attacker use the company systems to attack other organizations?
- What sort of configuration errors led to the breach?
- Was MFA enabled and bypassed in this attack? How?
The other problem, as reported last week, many companies are not reporting breaches. Organizations do not need to report certain types of attacks, such as when cryptominers get into a system. If companies do not report data breaches, we do not know how many systems attackers are accessing and the different means of attack.
In addition to lack of information and reporting, not all states provide a list of those breaches. The information we have is most certainly incomplete. States also report data breaches in different formats that are time-consuming to compile, like I do each week.
Indiana data breach reports
Just noticing that state of Indiana updates the name of its report with the current month. Also report dates are added out of order. That means data breach reports for Indiana may not be in the current report but may show up later. If time we’ll go back and add them or add them when they show up on the report but this is what makes creating these reports time-consuming.
New Jersey data breach reports
Data breach reports are alphabetical by organization name. That means to find breaches in a particular time period requires a manual search of each page for each letter of the alphabet. It would be helpful if this list was sortable by date.
Oregon data breach reports
The data breach information from Oregon lacks a link to or copy of the document provided by the victim organization describing the breach.
Maryland data breach reports
Data breach reports from Maryland end in 2020.
Massachussettes data breach reports
Massachussettes data breach reports come out a week after the report so were not included in my recent cybersecurity news reports. I’ll have to decide if I want to go back and add them or report them a week late. This list also lacks a link to the data breach report.
Maine data breach reports
Some states have sufficient information and a searchable or sortable list to find recent breaches. Reports from Maine seem to be the most complete. Breach reports from main attempt to categorize the type of attack as well. This is the best report list. However, we still don’t know what is causing the breaches based on the reports provided by affected organizations.
States lacking data breach reports
A complete list of states that report data breaches and those that don’t is available here:
I hope in the future data breach reports will provide adequate information that other organizations can use to shore up defenses against a particular attack.
Follow for updates.
Teri Radichel | © 2nd Sight Lab 2021
About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight LabNeed Help With Cybersecurity, Cloud, or Application Security?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
🔒 Request a penetration test or security assessment
🔒 Schedule a consulting call
🔒 Cybersecurity Speaker for PresentationFollow for more stories like this:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
❤️ Sign Up my Medium Email List
❤️ Twitter: @teriradichel
❤️ LinkedIn: https://www.linkedin.com/in/teriradichel
❤️ Mastodon: @teriradichel@infosec.exchange
❤️ Facebook: 2nd Sight Lab
❤️ YouTube: @2ndsightlab