With Data Breach Costs Up Again The Third Reason For This Will Surprise You – Charles Leaver

Written By Patrcik Kilgore And Presented By Charles Leaver

Just recently two major reports were released that celebrated big anniversaries. On the one hand, we saw the Mary Meeker 20th yearly Internet study. Some of the initial industry analysis on the Internet was led by Meeker several years back and this report saw her mark Twenty Years of influencing viewpoints on the Internet. And 10 years after Meeker’s first observations on the Internet there was the very first research study of data breach costs by the Ponemon Institute.

Just 10 years after the creation of the Internet it was exposed that there is an ugly disadvantage to the service that supplies significant advantages to our businesses and our lives. Today there are more annual research studies released about data breaches than the Internet itself. Just recently we invested hours evaluating and absorbing 2 of the greatest data breach reports in the market, the currently mentioned Ponemon report and the now extremely influential Verizon DBIR (the report is essential enough simply to utilize an acronym).

There were intersections between the two reports, however the Verizon report should be given credit due to the fact that if you’ve had the ability to do anything in security for 10 years, you must be doing something right. There are many fascinating stats in the report but the factors for the total costs of data breaches skyrocketing were of the most interest to us.

The Ponemon research studies have actually exposed 3 drivers behind the increased cost of a breach. The first is that cyber attacks have increased in number and this has correlated in greater costs to remediate these attacks. An increased per capita expense from $159 to $170 year on year has been mentioned. That’s a 5% jump from 42% to 47% of the overall root causes of a breach. Likewise, lost profits as a result of a data breach have increased. In the aggregate, this increased from $1.33 M to $1.57 M in 2015. The reasons are because of the unusual client turnover, the increased acquisition activity, and loss of goodwill that results from being the target of a malicious attack. However, the most intriguing reason provided is that data breach expenses connected with detection and escalation have increased.

These expenses include investigations and forensics, crisis group management and audits and evaluations. Now the trend appears to be gathering speed at just shy of a massive $1Billion. Organizations are just now beginning to implement the solutions required to constantly monitor the endpoint and offer a clear picture of the origin and complete effect of a breach.

Organizations not just need to monitor the increase of devices in a BYOD world, however likewise look to enhance the security resources they have actually already invested in to decrease the expenses of these examinations. Risks need to be stopped in real time, rather than recognized retrospectively.

“Avoidance may not be possible in the world we live in.” With harmful threats becoming more and more common, organizations will have to evolve their M.O. beyond traditional AV solutions and look to the endpoint for total defense,” said Larry Ponemon in his webcast with IBM.

 

Charles Leaver – Increased Data Loss Risk For Organizations Due To BYOD Passwords And Employee Sharing

Written By Charles Leaver Ziften CEO

 

If your organization has implemented a bring your own device (BYOD) policy then you will be putting yourself at increased risk of cyber crime and the loss of your data, since the devices will normally have inadequate control and endpoint security in place. With mobile devices, staff members often access customer cloud services and make use of password practices that are not secure enough, and this accounts for a large chunk of the dangers associated with BYOD. Making use of endpoint software that provides visibility into precisely exactly what is running on a device can help IT departments to comprehend and address their vulnerabilities.

BYOD is a common technique for executives and employees to access sensitive business data on their individual tablets, laptop computers and smart phones. Nearly 9 from ten companies in Australia had approved a number of their senior IT team member’s access to critical business information through their own BYOD devices, and 57% asserted that they had offered it to at least 80% of their leadership, revealed by a ZDNet Survey. With less privileged staff and those that were new the numbers provided BYOD access was still up at 64%. These workers were not granted access to monetary details though.

With the number of BYOD devices growing, a lot of organizations have not carried out the correct endpoint management strategies to make their increasing mobile workflows protected. Almost 50% of the respondents stated that their organizations had no BYOD policies, and just 17% verified that their practices were ISO 27001 certified.

Safe BYOD Is Most likely At Most Risk From Passwords

Those organizations that had taken actions to protect BYOD the application of password and acceptable use policies were the most typical. However passwords may represent a critical and special vulnerability in the implementation of BYOD, due to the fact that users typically use the very same passwords once again and they are not strong enough. While companies that have a BYOD policy will definitely increase the threat of a hacker attack, there may be an even greater threat which is internal said former Federal Trade Commission executive Paul Luehr, in an interview with CIO Magazine’s Tom Kaneshige.

Luehr told Kaneshige “the most typical way BYOD policies affect data security and breaches is in the cross-pollination of passwords.” “An individual is most likely utilizing the same or extremely similar password as the one they use on their home devices.”

Luehr noted that prime threats for organizations that permit BYOD are disgruntled staff members who will typically expose important data once they have actually been released, are prime threats for businesses that have actually allowed BYOD. Because of BYOD the distinction between work and home is vanishing, and dangerous behavior such as utilizing social networks on corporate networks is being practiced by some workers, and this can be a prelude to finally sharing delicate details either wilfully or carelessly using cloud services. The productivity gains that are made with BYOD have to be preserved with the implementation of comprehensive endpoint security.

Organizations Face The Possibility Of Data Attacks Now More Than Ever So Data Loss Prevention Strategies Must Be Pursued – Charles Leaver

By Ziften CEO Charles Leaver

For United States companies the occurrence of a major cyber attack and consequential data leakage is looking more like “when” instead of “if”, because of the brand-new dangers that are presenting themselves with fragmented endpoint techniques, cloud computing and data intensive applications. All too frequently organizations are disregarding or improperly resolving vulnerabilities that are understood to them, and with aging IT assets that are not properly protected the cyber lawbreakers begin to take notice.

The variety of data breaches that are taking place is very troubling. In a report from the Verizon Risk Team there were 855 substantial breaches which led to 174 million records being lost back in 2011. The stakes are really high for companies that handle personally identifiable info (PII), since if staff members are not educated on compliance and inadequate endpoint data protection measures are in place then expensive legal action is most likely to happen.

” The probability of a data breach or privacy problem happening in any business has become a virtual certainty,” Jeffrey Vagle, legal expert writing for Mondaq stated. He advised that record keepers have to reassess their approach to network and device security, worker data access controls and the administration of PII info. The increase in the use of cloud services can make the prevention of data breaches more of a challenge, as these services allow the enormous exchange of details every time. It would only take one event and millions of files could be lost.

Understood Vulnerabilities Require Focus

A lot of IT departments fret constantly about zero day attacks that will cause a data breach and catch them off guard. As an example of this, Dirk Smith of Network World discussed an Adobe Acrobat exploit that opened the door for hackers to conduct advanced monitoring. A great deal of IT vulnerabilities can come when software is not patched up to date, and a great deal of zero day threats can happen from weak points in legacy code which includes a bug in Windows which targeted features that were first introduced Twenty Years earlier.

Security professional, Jim Kennedy wrote in a Continuity Central post “something that I have discovered is that much of the breaches and intrusions which prospered did so by attacking known vulnerabilities that had been determined and had actually been around for many years: not from some sophisticated ‘zero-day’ attack which was unidentified and unknown until only the other day by the security community at large.” “And, much more troubling, social engineering continues to be a most effective way to begin and/precipitate an attack.”

Now the cyber criminal fraternity has access to a comprehensive range of pre packaged malware. These tools have the ability to carry out network and computer system analytics that are complicated in nature then advise the ideal attack technique. Another risk is a human one, where workers are not trained properly to screen out calls or messages from people who lie about belonging to the technical support team of an external security service provider.

It is certainly very important to proactively resist zero day attacks with robust endpoint protection software applications, but also organizations need to integrate reliable training and processes with the software and hardware solutions. While many organizations will have a number of security policies in place there is normally a problem with enforcing them. This can lead to risky variations in the motion of data and network traffic that should be reviewed by security personnel being neglected and not being addressed.