Myth #3: Using hacking or malware is the best way to steal all types of data.
Looking at the probability, this one is actually true, only because these were the most popular methods attackers used this past decade. Hacking into a network-whether using brute force, social engineering, or malware-has the highest chance of returns. The second most preferred method is through insiders. These can be disgruntled employees who leak the data on their own volition.
Myth #4: The retail industry is the most affected by data breaches.
Although retailers have suffered many losses because of data breaches, the most affected industry was actually the healthcare sector, accounting for more than a fourth of all breaches (26.9 percent) this past decade. The second was the education sector (16.8 percent) followed by government agencies (15.9 percent). Retailers only come in fourth place with 12.5 percent. Although its share is not as big as the healthcare industry's, the effects of a breach for a high-profile retail giant can still be damaging in terms of reputation and revenue.
Myth #5: PII is the most in-demand underground commodity in terms of breached information.
There's actually a big surplus of PII currently available in the cybercriminal underground. This has caused its price to drop significantly, from US$4 last year to US$1 this year. The same goes for credit card numbers, which are now sold in bulk, regardless of card brand. Interestingly, the selling of stolen Uber accounts is gaining popularity. They're sold at around US$1.15 each.
For more details, visit Trend Micro's website for the research paper Follow the Data: Dissecting Data Breaches and Debunking the Myths.
Sign up for CIO Asia eNewsletters.