Stumbled across this infographic of the major data breaches of the last decade…
Over the past decade, the size and complexity of attacks have been increasing. What I find of most concern in this diagram is not only the fact that many of them are described as ‘unknown’, which is a combination of companies not knowing how they were breached or not being willing to say, but that these are only the ones that have been disclosed.
Here in Australia, we don’t currently have mandatory disclosure laws, so even if the biggest bank had its data stolen, they are not obligated to publicize it! This could all be changing (see here), although as the article suggests, it could have the reverse effect:
This meant the new legislation would not improve the quality of security through transparency. It could see companies “dumb down” their logging and monitoring capabilities, as well as governance, so they did not detect breaches in the first place. Therefore there would be fewer breaches to report, protecting their reputation.