Data Breaches and the misconception about their severity

data breach is the intentional or unintentional release of secure information to an untrusted environment. Other terms for this phenomenon include unintentional information disclosuredata leak and also data spill. Incidents range from concerted attack by black hats with the backing of organized crime or national governments to careless disposal of used computer equipment or data storage media.

“A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.”

Data breaches may involve financial information such as credit card or bank details, personal health information (PHI), Personally identifiable information (PII), trade secrets of corporations or intellectual property.

There is no doubt about the fact that their is a certain growth about the awareness about cyber-attacks and certainly the tools to counter such attacks have become increasingly sophisticated.  But despite this, the problem is getting only worse.

Some interesting stats:

  • 67% respondents claim that the complexity of the malware is a major hurdle and the high number of attacks taking place is very troublesome.
  • Average time to analyze a new malware is more than 2 hours , as reported by more than 52% of security experts.
  • Due to the diverse nature of the constantly evolving malwares, 58% security analysts believe anti-malware solutions are pretty much ineffective.

A ThreatTrack research report confirms that organizations face steep challenges dealing with cyber-threats, and a good chunk of the organisations are underreporting incidents for obvious reasons . ThreatTrek conducted a poll of 200 security professionals in U.S. enterprises, and heres what the results look like:

  • Undisclosed data-breaches experienced: 57%
  • Increased difficulty to address fresh malware confirmed by 72% of respondents.
  • More than 40% of the respondents claimed to have a shortage of skilled staff to protect their network.
  • 35% respondents claimed to have no access to malware analysis tools.
  • 21% security analysts complain for lack of executive support.
  • 18% executives confirm budget shortages for cyber-security.
  • A staggering 79% respondents from manufacturing and utilities claimed to have hidden cyber attacks from customers, partners or stake holders, while this number is 57% for Telecom and 56% for Health Care respondents.

A major problem is that the data breaches are becoming diverse and attacks are widely spread over various industries as opposed to a restricted area before. In the words of  ThreatTrack CEO Julian Waits, Sr.,

 “Every day, malware becomes more sophisticated, and U.S. enterprises are targeted for cyber-espionage campaigns from overseas competitors and foreign governments.”Malware analysts are acutely aware of the threats they face, and while many of them report progress in their ability to combat cyber-attacks, they also point out deficiencies in resources and tools.”

Top security risks affecting corporations and individuals alike:

  • Malicious links in phishing mails: 56%
  • Misuse of company owned devices : 44%
  • Malicious mobile apps: 33%

While malware becomes more advanced, a consistent growth needs to be achieved when it comes to anti-malware solutions.  Apart from improving the network security, trainings to personnel who are actually attacked by the malware can be a good way to start improving the security from within. While this accounts to a higher capital investment, it will definitely prove to be a profitable step in the long run.

February 15th, 2014|Strategy|