These past 10 years have given us some of US history's most high-profile data breaches. There was the AOL incident in 2005, where an insider leaked sensitive data. The Sony (2011) and Target (2014) incidents exposed millions of customer records. And this year alone, we saw healthcare companies (Anthem), government agencies (OPM), and even online dating services (Ashley Madison) get hit with breaches of their own. The magnitude of stolen information is staggering, and the variety of which even more so.
Much of the attention surrounding these breaches has been focused on who's affected and how they can recover. The stolen data on the other hand is treated as a lost cause. But there is so much more to learn from studying what was stolen. By following the data, we can get a picture of what attackers are looking for, how they use the data, how much it costs, and where it eventually ends up.
Numaan Huq of the Trend Micro Forward-Looking Threat Research team analyzed a decade's worth of data breach information to gain insight into the odds at play when a company suffers a breach. His probability studies will allow companies to assess their current risk levels in order to come up with better strategies to defend their networks. They also help us prove if what we know about data breaches have merit or are just mere myths.