Get full report: http://ow.ly/1K7G305gy6U
Not all breached data is of equal value and in order to better understand the desirability of the data and the severity of the breach, it's important to consider these 6 factors.
6 Factors To Consider When Assessing The Severity Of A Data Breach
1. 1
6 Factors to Consider When Assessing
the Severity of a Data Breach
To learn more, download our report:
Compromised Credentials - Learn From
the Exposure of the World’s 1,000 Biggest
Companies
Not all breached data is of equal value and in order to better understand the desirability of the data
and not the severity of the breach, it’s important to consider these 6 factors.
Recoverable Passwords
Data Sensitivity
Freshness
Transferability
Size
Public or Private Source
1
2
3
4
5
6
Data dumps with recoverable passwords, such as the LinkedIn breach of 2012, are more
useful than those without.
Highly sensitive or damaging data may be used by a threat actor in blackmail or
extortion attempts, such as the Ashley Madison breach of 2015, or, in the case of health
records, for identity theft.
As a data set gets older, its usefulness declines as those contained within the data set
either abandon accounts or change passwords.
Some data sets are more relevant to an individual than others, especially those
containing reusable information for other accounts such as addresses, secret questions,
and credit card details.
How accurately does the data represent the target user group? 50%? 70%? Critically,
how accurately does the data represent the target group in relation to the desired
outcome of the threat actor?
The more ‘secretive’ the data, the more useful it would be for a threat actor. Also, if
a data set has been made public, the affected organization is highly likely to revoke
exposed passwords.
2. 2
London
Level 39, One Canada Square, London, E14 5AB 332 Pine St. Suite 600, San Francisco, CA 94104
+1 (888) 889 4143
About Digital Shadows
San Francisco
info@digitalshadows.com+44 (0) 203 393 7001
digitalshadows.com
Digital Shadows provides insight into an organization’s
external digital risks and the threat actors targeting them.
Digital Shadows SearchLight™ service combines scalable
data analytics with human analysts to monitor for cyber
threats, data leakage, and reputation risks. Digital Shadows
continually monitors the Internet across the visible, deep and
dark web, as well as other online sources to create an
up-to-the minute view of an organization and provide it with
tailored threat intelligence. The company is jointly
headquartered in London and San Francisco. For more
information, visit www.digitalshadows.com.