Fortune 500 companies acquire sophisticated talents and tools to defend against intrusions and Ransomware. But according to Verizon’s Data Breach Investigative Report (2022-data-breach-investigations-report-dbir.pdf (verizon.com)), theirs and other researchers claim that stolen credentials account for as much as 80% of breaches.
How Hackers Acquire Credentials
What are the easiest methods used to acquire credentials. What Data Can a Thief Get from a Stolen Phone or Laptop?
- Buy stolen and lost employees and contractors endpoint devices
- Acquire unsecured data bearing devices stolen out of the datacenter
- Take unsecured devices leaving the enterprise office
- Get your End-of-Life devices from insiders working at a non-compliant vendor
- Phishing attack
Why don’t Fortune 500 Companies Report Breached Devices Majority Of Ransomware Infections Are Not Reported To Authorities
Both private and public businesses do a poor job tracking their data, so it can be a year before they discover a lost endpoint device. And less than 1% of any organization know the serial number of a data bearing device, so perpetrators feel confident that they can replace hard drives and the IT department will assume the device just needs to be re-imaged.
Non-Compliant ITAD Process Subject to Whistleblowing Cybersecurity: A Whistleblower’s Paradise
For those who do not know, Arrow closed their ITAD facility. Why? Insiders report that they were regularly transporting government and health data in a non-secure manner. How soon will Whistleblowers benefit from reporting non-compliant processes used by banks, healthcare facilities, and other businesses that follow the old ITAD model.
TechR2’s Track, Contain, Destroy and Verify Tear-A-Byte® Solution is the Best Compliant Method
Promoted by IBM, Kyndryl and other OEMs, the patented Tear-A-Byte® solution is NIST, and ISO compliant. Organizations that have been caught by Whistleblowers for HIPAA, PCI, SOC-2, CJIS, IRS-1075 (Meeting IRS Safeguards Audit Requirements | Internal Revenue Service), GDPR and NERC violations are actively seeking the TechR2 solution to replace their old antiquated and outdated ITAD solution. It is your responsibility to prove the compliance of your entire supply chain and ignore a supplier’s embellishments on their website telling of their fictitious data governance.
What Has Changed in Data Control?
- The Data Destruction process must meet your Risk and Data Policies requirements
- Data Destruction must occur under your control per Federal, State and Industry regulations
- Vendor must be Cybersecurity Framework certified per Federal, State and Industry regulations
- You must follow data destruction techniques based upon your published Data Classification Policy
- Data destruction by the Sanitizer must be Verified by a second individual
- Certificates of Destruction must be complete and meet NIST 800-88 requirements
Do you need the Patented Tear-A-Byte® Method to Track – Contain – Destroy – Verify Loose Media?
The answer to your cybersecurity control challenge is the ISO, and NIST certified TechR2’s Patented Tear-A-Byte solution. Data and Hard Drive Shredding Tracking Destruction Containment Service (techr2.com). All TechR2 products and services incorporate Zero Trust Architecture data security techniques. Zero Trust Model – TechR2.
TechR2’s NEW Data Destruction as a Service (DDaaS) is the future model and the archaic ITAD processes are dead. DDaaS Data Destruction as a Service – TechR2.
Contact Sepp Rajaie to learn more. Contact our experienced TechR2 staff.