The Information Commissioner’s Office (ICO) found that both data security incidents and digital security events increased in the second quarter of 2016.
Per a study published by the UK independent authority, digital security incidents in general increased by 46 percent in Q2 2016. Exfiltration, or the unauthorized transfer of data from a controller system to a location operated by an attacker, experienced an even bigger jump of 54 percent.
A closer look reveals that the healthcare, local business, and government sectors reported the most incidents in the second quarter. Even so, other sectors saw an increase in the number of data security incidents affecting organizations. The education and finance, insurance, & credit sectors saw an increase in events of 18 percent, for example. Meanwhile, charities saw its number of data security incidents grow by 21 percent.
The ICO took it one step further by breaking down its reported data security incidents by type. It found that while some categorizations dropped, others spiked. For instance, incidents involving organizations’ failure to redact sensitive data decreased by 28 percent in Q2 2016. But events involving personal data being posted or faxed to the wrong recipient increased by 18 percent.
As a result of all data security incidents reported in the second quarter, the ICO had no choice but to fine a number of companies, including Whitehead Private Nursing Home Ltd (£15,000), Hampshire County Council (£100,000), and Regal Chambers Surgery (£40,000). Those fines didn’t come close to the £400,000 penalty it issued to TalkTalk in October.
Organizations should take heed of the ICO’s growing number of reports involving data transmission errors. If they want to avoid a hefty fine, they should respond by training their employees to always verify they’re faxing, posting, or otherwise sending personal data to the correct recipient. They can do so via the use of third-party security awareness training software.
Does this type of solution sound of interest to your organization?