INSIGHT: Data breaches getting worse, costing more


Data breaches put critical data at risk, are a serious invasion of privacy, and cost a ton of money to clean up.


What is worse is that the cost is constantly on the rise, going up 23 percent in the past couple of years.

A new study by the Ponemon Institute, sponsored by IBM, dissected these costs in its 2015 Cost of Data Breach Study: Global Analysis report.

The study, which is aimed at large enterprises, found the average price tag for data breach cleanup is $US3.8 million.

What does this have to do with me?

There are also lessons to learn for smaller organisations because they often are more vulnerable to breaches. Many have fewer security tools, a small team or staff to mitigate security threats, and meagre training resources.

With data breach-focused attacks becoming more frequent and more sophisticated, small to medium-sized organisations are experiencing greater consequences than their larger corporate brethren.

Large shops still take, on average, 256 days to even know there was a breach by an outsider.

Smaller organisations may take far longer, or only realise it when customers complain about illegal use of their data, when competitors act in a way that shows they have confidential data, or perhaps when a hacker makes an attempt at extortion.

So where do breaches come from?

According to the report: “Forty-seven percent of incidents involve a malicious or criminal attack, 25 percent concern a negligent employee or contractor (human factor), and 29 percent involve system glitches that includes both IT and business process failures.”

Ponemon and IBM didn’t go into detail about how a breach can be stopped in its tracks. But at GFI we’ve recently documented the risks posed by employees, including IT staff, in addition to the usual hacking and malware threats, and how these can be mitigated.

What steps to take?

If you’re looking for a few quick tips and tricks, here are five we recommend:

1. One area of attack is the insider space. According to the Verizon Data Breach Investigations Report, 14 percent of breaches are due to insiders. Treat insiders as potential corrupters and save yourself a lot of grief.

2. Human error is another factor that makes insiders so dangerous. According to CompTIA, 52 percent of all breaches come from human error. Here the answer is to train employees to protect company data, and not fall for scams through phishing and social engineering.

3. Technology is also critical. Many breaches come from email, so email security is paramount. Once again, train your employees to avoid phishing and make sure you use robust software to keep malware at bay.

4. The web is another source of danger, and here is where web monitoring makes sense. Scanning webpages and downloads before these are served to your users will mean enhanced protection.

5. The basics are also still very important. Make sure you regularly install software updates and patches, and that your anti-virus software is up to date, and end user firewalls are on.

Verizon makes a very good point: “The first step in protecting your data is in knowing where it is, and who has access to it.

From this, build controls to protect it and detect misuse. It won’t prevent determined insiders (because they have access to it already), but there are many other benefits that warrant doing it.”

This is accomplished by carefully reviewing end user accounts. First, you need to establish who has access to sensitive data and then implement a process where account activity is reviewed as soon as an employee gives notice or is terminated.

Preventative measures go a long way in the mitigation of data breaches.

Organisations need to start covering all bases because data breach attacks come from all angles, including from within.

Even though security might be seen as an extra expense in small to medium organisations, the real cost might be far greater after an attack.

By Doug Barney - GFI Software
