INSIGHT: Data breaches getting worse, costing more

Data breaches put critical data at risk, are a serious invasion of privacy, and cost a ton of money to clean up.

What is worse, the cost is constantly on the rise, going up 23 percent in the past couple of years.

A new study by the Ponemon Institute, sponsored by IBM, dissected these costs in its 2015 Cost of Data Breach Study: Global Analysis report.

The study, which is aimed at large enterprises, found the average price tag for data breach cleanup is $US3.8 million.

What does this have to do with me?

There are also lessons to learn for smaller organisations because they often are more vulnerable to breaches. Many have fewer security tools, a small team or staff to mitigate security threats, and meagre training resources.

With data breach-focused attacks becoming more frequent and more sophisticated, small to medium-sized organisations are experiencing greater consequences than their larger corporate brethren.

Large shops still take, on average, 256 days to even know there was a breach by an outsider.

Smaller organisations may take far longer, or only realise it when customers complain about illegal use of their data, when competitors act in a way that shows they have confidential data, or perhaps when a hacker makes an attempt at extortion.

So where do breaches come from?

According to the report: “Forty-seven percent of incidents involve a malicious or criminal attack, 25 percent concern a negligent employee or contractor (human factor), and 29 percent involve system glitches that includes both IT and business process failures.”

Ponemon and IBM didn’t go into detail about how a breach can be stopped in its tracks. But at GFI we’ve recently documented the risks posed by employees, including IT staff, in addition to the usual hacking and malware threats, and how these can be mitigated.

What steps to take?

If you’re looking for a few quick tips and tricks, here are five we recommend:

1. One area of attack is the insider space. According to the Verizon Data Breach Investigations Report, 14 percent of breaches are due to insiders. Treat insiders as potential corrupters and save yourself a lot of grief.

2. Human error is another factor that makes insiders so dangerous. According to CompTIA, 52 percent of all breaches come from human error. Here the answer is to train employees to protect company data, and not fall for scams through phishing and social engineering.

3. Technology is also critical. Many breaches come from email, so email security is paramount. Once again, train your employees to avoid phishing and make sure you use robust software to keep malware at bay.

4. The web is another source of danger, and here is where web monitoring makes sense. Scanning webpages and downloads before these are served to your users will mean enhanced protection.

5. The basics are also still very important. Make sure you regularly install software updates and patches, and that your anti-virus software is up to date, and end user firewalls are on.

Verizon makes a very good point: “The first step in protecting your data is in knowing where it is, and who has access to it.

From this, build controls to protect it and detect misuse. It won’t prevent determined insiders (because they have access to it already), but there are many other benefits that warrant doing it.”

This is accomplished by carefully reviewing end user accounts. First, you need to establish who has access to sensitive data and then implement a process where account activity is reviewed as soon as an employee gives notice or is terminated.

Preventative measures go a long way in the mitigation of data breaches.

Organisations need to start covering all bases because data breach attacks come from all angles, including from within.

Even though security might be seen as an extra expense in small to medium organisations, the real cost might be far greater after an attack.

By Doug Barney - GFI Software
