Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
Data Breach QuickView ReportThird Quarter 2017
Sponsored By:
2 MC_0000605A
Equifax and Yahoo eclipse news of the other 1,465 breaches reported in Q3
• There were 3,833 breaches reported through the end of September 2017, exposing over 7 billion records.
• Compared to the same period in 2016, the number of reported breaches is up 18.2% and the number of exposed records is up 305%.
• The 5 largest breaches of 2017 exposed approximately 78.5% of all records exposed year to date.
• The Business sector accounted for 43.9% of reported breaches, followed by Unknown (33.9%), Medical (8.5%), Government (8%), and Education (5.8%).
• The Business sector accounted for 84.3% of the total records exposed through Q3, followed by Unknown (12.6%) and Government (3%). Medical and Education sectors combined continue to account for less than 1% of the total records exposed this year.
• Web (inadvertent online disclosure) remains the leading cause of records compromised in 2017, accounting for 68.5% of records exposed, but only 5.4% of the incidents reported, down from 7.1% of incidents at the midyear point.
• 52.1% of reported breaches were the result of hacking, up from 41.6% of reported breaches at the midyear point. The percentage of records exposed due to hacking remained unchanged from midyear, at 30.6%.
• Breaches involving U.S. entities accounted for 49.6% of incidents and approximately 29.3% of the exposed records.
• The number of breaches confirmed to have exposed one million or more records now stands at 69 for the year.
• Five 2017 breaches are now on the Top 10 List of All Time Largest Breaches.
2017 saw a rise in the number of breaches compared to the same period of time in 2016. With the growth of IOT and with hackers creating new ways to monitor and access data—even without actually hacking into your system—protecting a company’s network and valuable data will become more challenging. We are pleased to partner with Risk Based Securities to provide this update through Q3 of 2017. To discuss this information in more detail, please contact us at [email protected].— Manny Cho, EVP
3MC_0000605A
Table of ContentsComparison
Comparison of the Previous Four Years ........................................................................................................................5
Comparison by Industry, by Month .............................................................................................................................5
Breaches by Type, by Record ....................................................................................................................................6
Data Breach Analysis by Threat Vector ........................................................................................................................7
Exposed Records by Threat Vector ..............................................................................................................................7
Distribution of Breaches by Discovery Method ...............................................................................................................8
10 Largest Breaches With Data Types and Severity Scores ..............................................................................................8
Analysis by Data Family ...........................................................................................................................................9
Confidentiality Impact ..............................................................................................................................................9
Analysis by Data Type ........................................................................................................................................... 10
Percentage of Breaches Exposing Specified Data Types YTD vs. Prior Years ...................................................................... 11
Impact
Analysis of Records per Breach ................................................................................................................................ 13
Type 5 Breach Types/Records Exposed ..................................................................................................................... 13
Analysis of Incidents by NAICS Economic Sector ......................................................................................................... 14
Distribution of Business Groups Within Economic Sectors – Top 3 ................................................................................... 14
Analysis by Location .............................................................................................................................................. 15
Breaches by Country ............................................................................................................................................. 16
Exposed Records by Country ................................................................................................................................... 16
Distribution of Breaches by State .............................................................................................................................. 17
Analysis of US State Rankings, Exposed Records ......................................................................................................... 17
Breaches Impacting Third Party Organizations ............................................................................................................. 18
Breach Severity Scores ........................................................................................................................................... 19
Top 10 Breaches by Severity Score .......................................................................................................................... 20
Top 20 Largest Breaches All Time (By Exposed Records Count) ....................................................................................... 21
Methodology & Expertise
Methodology & Terms ........................................................................................................................................... 25
About Risk Placement Services ................................................................................................................................. 28
About Risk Based Security ....................................................................................................................................... 29
Note: All data shown throughout this report is reflective of the first nine months of 2017.
Comparison
5MC_0000605A
Comparison of the Previous 4 Years
# of Records Exposed by Year
Comparison by Industry, by Month
Distribution of Incidents by Industry, by Month# of Incidents by Year
Distribution of Exposed Records by Industry, by Month
6 MC_0000605A
Breaches by Type, by Record
Records Exposed by Breach Type
Top 10 Breach Types
The amount of data compromised by open, unprotected databases and back up files continues to dwarf the number of records compromised due to other breach types.
Of the 433 skimming incidents, 56% were discovered at gas pumps, and 41% were discovered at ATMs. The remaining 3% are attributable to self-service kiosks, employee use of handheld devices or skimmers attached to in-store card readers.
7MC_0000605A
Data Breach Analysis by Threat Vector
Number of Incidents by Threat Vector
Although much attention is given to the malicious insider, accidental disclosure by insiders accounts for more than twice the number of insider breaches.
The number of records compromised by malicious insiders is lower than the records accidentally compromised by insiders.
Exposed Records by Threat Vector
Threat Vector Records Exposed
Outside 2,558,486,771
Inside-Accidental 2,486,086,778
Inside-Unknown 2,001,597,318
Unknown 45,806,364
Inside-Malicious 1,157,205
Total 7,093,134,436
8 MC_0000605A
Distribution of Breaches by Discovery Method
Internal Discovery - Incidents
Internal Discovery -
Records
External Discovery - Incidents
External Discovery -
Records
Undisclosed Discovery - Incidents
Undisclosed Discovery -
Records
Q1 228 66,209,868 786 3,361,304,347 403 18,574,558
Q2 242 3,018,241 353 493,036,492 348 2,098,101,486
Q3 141 4,172,347 1041 870,967,226 288 177,747,365
YTD 611 73,400,456 2,180 4,725,308,065 1,039 2,294,423,409
10 Largest Breaches With Data Types and Severity Scores1
Breach Type Records Exposed Percentage of Total Exposed Data Type2 Severity Score
Web 2,000,000,000 32% ADD/NAA/NUM 10
Web 1,374,159,612 22% ADD/EMA/FIN/MISC/NAA 10
Hack 1,221,893,767 19% EMA/PWD 10
Web 711,000,000 11% EMA/MISC/PWD 9.63
Web 267,693,854 4% EMA/NUM 9.80
Web 198,000,000 3% ADD/DOB/MISC/NAA/NUM 10
Hack 145,500,000 2% ADD/CCN/DOB/MISC/NAA/SSN/UNK 10
Web 135,000,000 2% ADD/FIN/MISC/NAA/NUM/SSN 9.68
Hack 129,696,449 2% EMA/PWD 9.71
Hack 126,761,168 2% ADD/NAA/NUM 9.40
The top 10 breaches exposed 6,309,704,850 records, or 89% of the total records exposed in 2017 Year To Date
9MC_0000605A
Analysis by Data Family
Percentage of Total Breaches
Percentage of Total Exposed Records
Percentage of Total Breaches
Percentage of Total Exposed Records
Data Family 9 Months 2016 9 Months 2016 9 Months 2017 9 Months 2017
Electronic 90.61% 99.98% 93.18% 99.98%
Physical 6.56% <1% 4.47% <1%
Unknown 2.83% <1% 2.35% <1%
Confidentiality Impact
Confidentality Impact
The number of breaches resulting in confirmed exposure increased 2% from midyear.
10 MC_0000605A
Analysis by Data Type
Incidents by Data Type Exposed
The percentage of breaches impacting names dropped 8.2% from the midyear point. Similarly, the number of breaches impacting physical addresses and Social Security numbers dropped 7.5% and 6.4% respectively since the midyear point. Once again, access credentials in the form of email addresses and passwords are the top two most compromised data types.
11MC_0000605A
Percentage of Breaches Exposing Specified Data Types YTD vs. Prior Years
Data Type 9 Months 2017 9 Months 2016 9 Months 2015
Email Address 44.3% 44.1% 44.3%
Password 40.0% 40.1% 50.7%
Name 32.4% 35.5% 28.6%
Physical Address 22.9% 21.1% 12.5%
As the effect of data theft for tax fraud purposes fades, the percentage of breaches impacting email addresses, passwords, names and addresses begins to normalize over a three-year period.
Analysis
13MC_0000605A
Top 5 Breach Types/Records Exposed
Breach Category Number of BreachesNumber of Records
ExposedAverage Records per
BreachPercent of Total Records Exposed
Hacking 1997 2,713,877,399 1,358,977 36.03%
Skimming 433 5,274 12 0.00%
Phishing 290 740,879 2,555 0.01%
Virus/Malware 256 3,033,730* 11,851 0.04%
Web 206 4,815,148,260 23,374,506 63.92%
For the second year in a row, the number of breaches impacting over 10,000,000 records is high. At this point in 2016, there were also 26 breaches. There were 8 in 2015; 11 in 2014; 9 in 2013 and 5 in 2012.
Analysis of Records per Breach
Exposed RecordsNumber of Breaches
Percent of Total
Unknown/Undisclosed 1421 37.1%
1 to 100 1069 27.9%
101 to 1,000 600 15.6%
1,001 to 10,000 423 11.0%
10,001 to 100,000 184 4.8%
100,001 to 500,000 48 1.3%
500,001 to 999,999 18 0.5%
1 M to 10 M 44 1.1%
> 10 M 26 0.7%
Distribution of Business Groups Within Economic Sectors – Top 3
Economic Sector Business GroupPercentage of Breaches Within
Economic Sector
Information (51)
Software / Web Services 79.9%
Mass Media 12.2%
Telecommunications 7.8%
HealthCare (62)
Practitioner Offices 31.7%
Hospitals 31.5%
Non-Hospital Facilities 31%
Finance & Insurance (52)Finance 82.1%
Insurance 17.9%
Analysis of Incidents by NAICS Economic Sector
Distribution of Incidents by Economic Sector
14
Analysis by Location
Incidents by Location Records Exposed by Location
The number of data leaks that cannot be attributed to a location drives the high percentage of incidents with an unknown location.
15MC_0000605A
16 MC_0000605A
Breaches by Country
There is a three-place tie for the 10th spot between New Zealand, the Netherlands and France, with each reporting 15 incidents.
Exposed Records by Country
Ranking # of Breaches CountryTotal Exposed Records
Average Records per Breach
Median Number of Records
Percentage of Exposed Records
1 22 China 3,822,021,857 173,728,266 3,371,754 54.62%
2 1906 United States 2,054,278,287 1,077,796 1,579 29.36%
3 15 Netherlands 711,794,151 47,452,943 7,849 10.17%
4 71 India 299,222,121 4214396 484 4.28%
5 2 Philippines 55,254,020 27,627,010 - 0.79%
6 10 Republic of Korea 16,372,292 1,637,229 1,543,228 0.23%
7 7 Israel 14,001,154 2,000,165 93 0.20%
8 7 Hong Kong 12,041,844 1,720,263 1,753 0.17%
9 8 South Africa 6,700,000 837,500 - 0.10%
10 150 United Kingdom 5,677,497 37,850 603 0.08%
The top ten countries by records exposed account for 98.6% of the total records compromised year to date.
Incidents by Country - Top 10
17MC_0000605A
Distribution of Breaches By State
Incidents by US State - Top 10
Massachusetts and Maryland tied for 9th place, each with 51 breaches.
Analysis of US State Rankings, Exposed Records
Exposed Records Ranking
US StateTotal Exposed Records
Number of Breaches
Exposed Records/Breach
% of USA Exposed Records
1 WA 1,375,371,217 35 39,296,320.49 66.95%
2 CA 113,258,884 193 586,834 5.51%
3 NJ 33,759,056 44 767,251 1.64%
4 GA 10,692,866 40 267,322 0.52%
5 NY 9,229,681 120 76,914.01 0.45%
6 MD 6,705,356 51 131,477.57 0.33%
7 AR 6,611,511 10 661,151.10 0.32%
8 TX 4,843,359 144 33,634 0.24%
9 CT 3,076,760 30 102,559 0.15%
10 MI 2,531,753 42 60,280 0.12%
18 MC_0000605A
Breaches Impacting Third Party Organizations
Third Party Breaches by Business Type
• Steward Organizations – defined as the party responsible for protecting the data at the time of the breach – classified in the business sector account for slightly more than 50% of the breaches with a direct impact on other organizations.
• In 24% of the breaches, the third party disclosing the breach declined to identify the steward organization responsible for the data compromise.
Third Party Breaches by Breach Type - Top 10
19MC_0000605A
Breach Severity Scores
Breach Severity Scores by Quarter
Severity shifted to the lower end of the scale in the third quarter due in part to an increase in the number of breaches exposing between 1 and 100 records (a change from 14.2% at the midyear point to almost 27.9% year to date) and an overall decline in number of highly sensitive record types compromised per breach.
20 MC_0000605A
Top 10 Breaches By Severity Score
Score Reported Organization Top 10 Summary
10 Q3 Equifax
(Hacking) 145,500,000 names, dates of birth, Social Security numbers and other confidential information compromised by exploiting unpatched vulnerability in Apache Struts (CVE-2017-5638)
10 Q2 DU Group dba DU Caller(Web) 2,000,000,000 user phone numbers, names and addresses inappropriately made accessible in an uncensored public directory
10 Q2 Deep Root Analytics
(Web) Approximately 198,000,000 voter names, addresses, dates of birth, phone numbers, political party affiliations, and other demographic information exposed in an unsecured Amazon S3 bucket
10 Q1 NetEase, Inc. dba 163.com(Hacking) 1,221,893,767 email addresses and passwords stolen by hackers and sold on the Dark Web by DoubleFlag
10 Q1 River City Media, LLC
(Web) 1,374,159,612 names, addresses, IP addresses, and email addresses, as well as an undisclosed number of financial documents, chat logs, and backups exposed by faulty rsync backup
9.96 Q2 Edmodo(Hacking) 77,000,000 user email addresses, usernames, and bcrypt hashed passwords with salts stolen by hackers through undisclosed means
9.80 Q1 EmailCar (Web) 267,693,854 email addresses and phone numbers exposed in an unsecure MongoDB installation and later dumped on the Internet
9.71 Q1 Tencent Holdings Ltd dba QQ.com(Hacking) 129,696,449 email addresses and passwords stolen by hackers and sold on the Dark Web by DoubleFlag
9.68 Q2 National Social Assistance Programme (India)
(Web) Roughly 135,000,000 Aadhaar numbers and 100,000,000 linked bank account numbers, as well as names, caste, religion, addresses, phone numbers, photographs, and assorted financial details leaked on government web portals
9.68 Q3 Reliance Jio Infocomm, LTD(Hacking) 120,000,000 customer names, phone numbers, email addresses and SIM activation dates accessed using stolen access credentials
9.63 Q3 Unnamed(Web) 711,000,000 email addresses, passwords and SMTP credentials discovered in a misconfigured, open database used by spammers
21MC_0000605A
Top 20 Largest Breaches All Time (By Exposed Records Count)
Breach Reported Date
SummaryRecords Exposed
Organization’s Name
Industry - Sector
Breach Location
Highest All Time 12/14/2016
Recent revelations around the 2013 intrusion into Yahoo’s systems moves this event back into the top spot
3 Billion Yahoo Business - Technology United States
Number 2 5/13/2017
User phone numbers, names and addresses inappropriately made accessible in an uncensored public directory
2 Billion DU Caller Group Business - Technology China
Number 3 3/3/2017
Names, addresses, IP addresses, and email addresses, as well as an undisclosed number of financial documents, chat logs, and backups, exposed by faulty rsync backup.
1.3 Billion River City Media, LLC Business -
Technology United States
Number 4 1/25/2017
A database holding email addresses and passwords stolen by hackers and offered for sale on the dark web.
1.2 Billion
NetEase, Inc. dba 163.com
Business – Technology China
Number 4 8/29/2017
Email addresses, passwords, and SMTP credentials exposed on the Internet due to a misconfigured spambot database
711 Million Unknown Unknown Netherlands
Number 5 9/22/2016
Hack exposes user names, email addresses, phone numbers, dates of birth, hashed passwords and security questions and associated answers.
500 Million Yahoo Business -
Technology United States
Number 6 10/18/2016
Hackers exploit a Local File Inclusion vulnerability, compromising member email addresses, usernames, and encrypted passwords, IP addresses and membership statuses.
412 Million
FriendFinder Networks, Inc
Business - Technology United States
Number 7 5/27/2016
Hack exposes user account records containing SHA1 encrypted passwords, email addresses.
360 Million MySpace Business -
Technology United States
Breach Reported Date
SummaryRecords Exposed
Organization’s Name
Industry - Sector
Breach Location
Number 8 1/1/2017
Email addresses and phone numbers were exposed in an unsecure MongoDB installation, which was later downloaded and dumped on the Internet
267 Million EmailCar Business -
Technology China
Number 9 8/22/2014
Hack of websites exposes names, registration numbers, usernames and passwords.
220 Million
Organization’s Name has not been reported Unknown South Korea
Number 10 12/3/2016
Hackers offer for sale a database containing a variety of personal and financial details.
203 Million
Organization’s Name has not been reported Unknown Unknown
Number 11 10/19/2013
Fraudulent account used to gain access to credit card numbers, social security numbers, names, and financial account numbers.
200 Million Court Ventures, Inc. Business - Data United States
Number 12 6/19/2017
Unsecured Amazon S3 bucket exposes voter names, addresses, dates of birth, contact information and voter preferences.
198 Million Deep Root Analytics Business/
Business United States
Number 13 12/28/2015
Misconfigured database exposes voter names, dates of birth, addresses, phone numbers, political party affiliations, and genders.
191 Million
Organization’s Name has not been reported Unknown United States
22 MC_0000605A
Top 20 Largest Breaches All Time (By Exposed Records Count) – continued
Breach Reported Date
SummaryRecords Exposed
Organization’s Name
Industry - Sector
Breach Location
Number 14 6/21/2014
Hack exposes trip details of customers after cracking MD5 hashes
173 Million
NYC Taxi & Limousine Commission
Government - City United States
Number 15 6/23/2016
Hack exposes USA voter information.
154 Million
Organization’s Name has not been reported Unknown United States
Number 16 10/3/2013
Hack exposed customer names, IDs, encrypted passwords and debit/ credit card numbers with expiration dates, source code and other customer order information.
152 Million Adobe Systems, Inc. Business -
Technology United States
Number 17 3/17/2012
Firm may have illegally bought and sold customers’ information.
150 Million
Shanghai Roadway D&B Marketing Services Co.
Business - Data China
Number 18 9/7/2017
Hackers take advantages of Struts Shock vulnerability to compromise names, dates of birth, Social Security numbers, addresses, and other personal information.
145.5 Million Equifax Business – Data United States
Number 19 5/21/2014
Hack exposes names, encrypted passwords, email addresses, registered addresses, phone numbers and dates of birth.
145 Million eBay, Inc. Business - Retail United States
Number 20 6/8/2013
North Korean Hackers expose email addresses and identification numbers.
140 Million
Organization’s Name has not been reported Unknown South Korea
23MC_0000605A
Top 20 Largest Breaches All Time (By Exposed Records Count) – continued
Methodology & Expertise
25MC_0000605A
Methodology & TermsRisk Based Security’s research methods include automated processes coupled with traditional human research and analysis. Our proprietary applications crawl the Internet 24x7 to capture and aggregate potential data breaches for our researchers to analyze. In addition, the research team manually verifies news feeds, blogs, and other sources looking for new data breaches as well as new information on previously disclosed incidents. The database also includes information obtained through Freedom of Information Act (FOIA) requests, seeking breach notification documentation from various state and federal agencies in the United States. The research team extends our heartfelt thanks to the individuals and agencies that assist with fulfilling our requests for information.
Data Standards and the use of “Unknown”
In order for any data point to be associated with a breach entry, Risk Based Security requires a high degree of confidence in the accuracy of the information reported as well as the ability to reference a public source for the information. In short, the research team does not guess at the facts. For this reason the term “Unknown” is used when the item cannot be verified in accordance with our data validation requirements. This can occur when the breached organization cannot be identified but leaked data is confirmed to be valid or when the breached organization is unwilling or unable to provide sufficient clarity to the data point.
26 MC_0000605A
Breach Types are defined as follows:
Name Description
Missing Media Missing media, unknown or disputed whether lost or stolen
Other Miscellaneous breach type arising primarily from data mishandling
PhishingMasquerading as a trusted entity in an electronic communication to obtain data
Seizure Forcible taking of property by a government law enforcement official
SkimmingUsing electronic devices (such as a skimmer) to swipe victims’ credit/debit card numbers
Snail Mail Personal information in “snail mail” exposed to unintended third party
SnoopingExceeding intended privileges and accessing data for unauthorized purposes
Stolen Computer Stolen desktop (or unspecified computer type in media reports)
Stolen Document Documents either reported or known to have been stolen by a third party
Stolen Drive Stolen data drive, unspecified if IDE, SCSI, thumb drive, etc.
Stolen Laptop Stolen Laptop (generally specified as a laptop in media reports)
Stolen Media Media generally reported or known to have been stolen by a third party
Stolen Mobile Stolen mobile phone or device such as tablets, etc.
Stolen Tape Stolen backup tapes
Unknown Unknown or unreported breach type
Virus (Malware)Exposure to personal information via virus or Trojan (possibly classified as hack)
WebWeb-based intrusion, data exposed to the public via search engines, public pages
Name Description
Disposal Computer Discovery of computers not disposed of properly
Disposal Document Discovery of documents not disposed of properly
Disposal Drive Discovery of disk drives not disposed of properly
Disposal Mobile Discovery of mobile devices not disposed of properly
Disposal Tape Discovery of backup tapes not disposed of properly
Email Email communication exposed to unintended third party
Fax Fax communication exposed to unintended third party
Fraud SE Fraud or scam (usually insider-related), social engineering
Hack Computer-based intrusion
Lost Computer Lost computer (unspecified type in media reports)
Lost Document Discovery of documents not disposed of properly, not stolen
Lost Drive Lost data drive (unspecified if IDE, SCSI, thumb drive, etc.)
Lost Laptop Lost laptop (generally specified as a laptop in media reports)
Lost Media Media (e.g. disks) reported to have been lost by a third party
Lost Mobile Lost mobile phone or device such as tablets, etc.
Lost Tape Lost backup tapes
Missing Document Missing document, unknown or disputed whether lost or stolen
Missing Drive Missing drive, unknown or disputed whether lost or stolen
Missing Laptop Missing laptop, unknown or disputed whether lost or stolen
27MC_0000605A
Data Type Definitions
Abbreviation Description
CCN Credit Card Numbers
SSN Social Security Numbers (or Non-US Equivalent)
NAA Names
EMA Email Addresses
MISC Miscellaneous
MED Medical
ACC Account Information
DOB Date of Birth
FIN Financial Information
UNK Unknown / Undisclosed
PWD Passwords
ADD Addresses
USR User Name
NUM Phone Number
IP Intellectual Property
No WarrantyRisk Based Security, Inc. makes this report available on an “As-is” basis and offers no warranty as to its accuracy, completeness or that it includes all the latest data breaches. The information contained in this report is general in nature and should not be used to address specific security issues. Opinions and conclusions presented reflect judgment at the time of publication and are subject to change without notice. Any use of the information contained in this report is solely at the risk of the user. Risk Based Security, Inc. assumes no responsibility for errors, omissions, or damages resulting from the use of or reliance on the information herein. If you have specific security concerns please contact Risk Based security, Inc. for more detailed data loss analysis and security consulting services.
28 MC_0000605A
About Risk Placement Services, Inc.Risk Placement Services, Inc. (RPS), one of the nation’s largest intermediaries, offers valuable solutions in wholesale brokerage, binding authority, programs and standard lines. Headquartered in Rolling Meadows, Illinois, RPS has more than 80 branch office and satellite locations, creating a coast-to-coast network of offices with retailer needs in mind. RPS places well over $2.9 billion in premium annually, demonstrating the company’s strength and market presence. RPS leverages local knowledge, regional expertise and national relationships to deliver winning proposals to each retail broker partner and provide knowledge-based coverage solutions for each situation.
The RPS Executive Lines division specializes in protecting individuals and their companies against a wide range of executive risks and other professional liabilities. Market-leading specialists in public, private, and nonprofit Directors & Officers (D&O), Errors & Omissions (E&O), Fiduciary, Crime, and Kidnap & Ransom insurance products, RPS Executive Lines provides total management insurance solutions via 100 different insurance markets. Additionally, they help clients pinpoint hidden exposures to loss and fortify them against vulnerabilities, ultimately improving their risk profile.
29MC_0000605A
Cyber Risk Analytics (CRA) provides actionable security ratings and threat intelligence on a wide variety of organizations. This enables organizations to reduce exposure to the threats most likely to impact them and their vendor base. In addition, our PreBreach vendor risk rating, the result of a deep-view into the metrics driving cyber exposures, are used to better understand the digital hygiene of an organization and the likelihood of a future data breach. The integration of PreBreach ratings into security processes, vendor management programs, cyber insurance processes and risk management tools allows organizations to avoid costly risk assessments, while enabling businesses to understand its risk posture, act quickly and appropriately to proactively protect its most critical information assets.
YourCISO provides organizations with on-demand access to high quality security and information risk management resources in one, easy to use web portal. YourCISO provides organization ready access to a senior executives and highly skilled technical security experts with a proven track record, matched specifically to your needs. The YourCISO service is designed to be an affordable long term solution for addressing information security risks. YourCISO brings together all the elements an organization needs to develop, document and manage a comprehensive information security program.
For more information, please visit:
RiskBasedSecurity.com
VulnDB.CyberRiskAnalytics.com
CyberRiskAnalytics.com
YourCiso.com
Or call 855.RBS.RISK
About Risk Based SecurityRisk Based Security (RBS) provides detailed information and analysis on Data Breaches, Vendor Risk Scores and Vulnerability Intelligence. Our products, Cyber Risk Analytics (CRA) and VulnDB, provide organizations with access to the most comprehensive threat intelligence knowledge bases available, including advanced search capabilities, access to raw data via API, and email alerting to assist organizations in taking the right actions in a timely manner. In addition, our YourCISO offering provides organizations with on-demand access to high quality security and information risk management resources in one, easy to use web portal.
VulnDB is the most comprehensive and timely vulnerability intelligence available and provides actionable information about the latest in security vulnerabilities via an easy-to-use SaaS Portal, or a RESTful API for easy integration into GRC tools and ticketing systems. VulnDB allows organizations to search on and be alerted to the latest vulnerabilities, both in end-user software and the third-party libraries or dependencies that help build applications. A subscription to VulnDB provides organizations with simple to understand ratings and metrics on their vendors and products, and how each contributes to the organization’s risk-profile and cost of ownership.
Knowledge.Relationships.Trust and Confidence.
RISK PLACEMENT SERVICES2850 Golf RoadRolling Meadows, IL 60008Ph: 866.595.8413RPSins.com