After reviewing the information available on previous data breaches on Privacy Rights, all I can immediately think is “I can’t believe there are data breaches every day?!?” I joke when I say that is proof we in the cyber field have plenty of job security, but it is still rather shocking to see how many have been reported. It is somewhat disheartening to see that a large number of entities did not report how the breach occurred. As a consumer, I want to have the confidence that not only is it understood how the breach occurred, but that the cause has been remediated. From the perspective of someone working in the field, I want to know what happened and how.
It’s unfortunate that breaches happen. Even more so given how apparently common they are (and if I’m not mistaken, the site only provides data for entities in the USA). Each breach is a hard lesson learned. Is more employee training needed for cyber awareness? Do software and web developers require stricter code audits before deployment? Are our company policies in place with the current trends and needs of the cyber world? Do we need to harden our configurations? These are some of the basic questions that need to be addressed afterwards. How did the malicious actor get a foothold, and how can we prevent this from happening again? The study and open communication when it comes to any breach or cyber attack only help everyone as a whole become more aware of the tactics being used. This way, others can ensure mitigation measures can be put in place as soon as feasibly possible before a similar attack happens to another entity. More so, with the ability to study previous breaches, frameworks and best practices can also be developed to help guide and assist entities with ensuring their cyber posture is in line with current attack trends to better harden their infrastructure as much as possible to, hopefully, avoid becoming an unfortunate “teachable moment” for others to learn from.