A joint study conducted by Symantec Corp. and the Ponemon Institute has revealed that human errors and system problems are the cause of two-thirds of data breaches around the world, pushing the global average of the cost of data breaches to $136 per record. The report also found that malicious and criminal attacks are the most costly for the victims of these attacks.
The study, 2013 Cost of Data Breach Study: Global Analysis, shows that common causes of data breaches originating from within organizations included employee mishandling of confidential data, lack of system controls, and violations of industry and government regulations, while malicious or criminal attacks included spyware, malware, Trojans and targeted attacks.
“While external attackers and their evolving methods pose a great threat to companies, the dangers associated with the insider threat can be equally destructive and insidious,” said Larry Ponemon, chairman of the Ponemon Institute. “Eight years of research on data breach costs has shown employee behavior to be one of the most pressing issues facing organizations today, up 22 percent since the first survey.”
In an interview with Vanguard in 2012, Dean Turner, director of Symantec’s Global Intelligence Network, commented that the cyber threat landscape had shifted in recent years. While previously “big pieces of malware … would indiscriminately run through large swaths of IP space around the globe, [now we] see more targeted types of threats,” he said. “It was less about big pieces of malware that would scoop up everybody – the drift net approach to phishing for victims – and more like line phishing. Now we are seeing, for lack of a better word, spear phishing.”
The study indicated that malicious attacks can include “malicious insiders, that is, people within the organizations who are attempting to harm the company or steal information for financial gain. It also includes criminal attackers – people outside of your organization who are trying to get at high-value information,” according to Linda Park, marketing manager at Symantec.
The objective of the study was to take a macro-level view of data breaches to understand the costs involved for organizations, how these costs are changing, and to get a better picture of the differences between countries in terms of data breaches.
In light of the recent upsurge in hacker groups that are targeting individuals who have access to high-value information, Park suggested that there is a growing awareness of cyber threats within various organizations.
“Given organizations with strong security postures and incident response plans experienced breach costs 20 percent less than others, the importance of a well-coordinated, holistic approach is clear,” said Anil Chakravarthy, executive vice president of the Information Security Group at Symantec. “Companies must protect their customers’ sensitive information no matter where it resides, be it on a PC, mobile device, corporate network or data center.”
Speaking about what security executives can do to minimize their exposure to data breaches, Parks felt that more work needs to be done around cyber security awareness and education, but this alone is not enough. “We recommend having security technologies in place to help you protect against any lost devices, people trying to get into your organization to steal that information, as well as well-meaning employees who are just trying to do their job. We specifically recommend data loss prevention technology, encryption, as well as education to help make sure the appropriate people have access to your information and systems and you can monitor as to what those people are doing within your network with your sensitive data,” she said.
Although Canadian organizations were not included in the 2013 survey, Symantec hopes to incorporate them into future studies.
Symantec has identified four best practices for organizations to prevent a data breach and reduce costs:
• Educate employees and train them on how to handle confidential information;
• Use data loss prevention technology to find sensitive data and protect it from leaving your organization;
• Deploy encryption and strong authentication solutions; and
• Prepare an incident response plan including proper steps for customer notification.
You can read the full study here: http://www.symantec.com/content/en/us/about/media/pdfs/b-cost-of-a-data-breach-global-report-2013.en-us.pdf?om_ext_cid=biz_socmed_twitter_facebook_marketwire_linkedin_2013Jun_worldwide_CostofaDataBreach
