Friday, February 21, 2014
2013 was record year for data breaches, study finds
Data breaches come in all shapes and sizes, but they're all bad news.
Secure File Transfer
Data breaches may come in all shapes and sizes, but they're all bad news. Exposed or lost information can cost businesses thousands, even millions of dollars and have a long-term effect on their reputation with customers. According to the Ponemon Institute, data breaches can cost as much as $188 per record, which amounted to $5.4 million in the United States in 2012. Unfortunately, the threat of data breaches continues to grow as cybercriminals become more sophisticated and as data recourses expand exponentially. According to a recent study by Risk Based Security, the number of records exposed hit an all-time high in 2013.
Thousands of incidents, millions of records
Even with safeguards like secure file transfer solutions, companies need to be vigilant to guard against growing security threats. Risk Based Security's Data Breach QuickView report revealed that 822 million records were exposed during 2,164 data breach incidents in 2013. Although 2012 had more individual incidents, the number of records involved nearly doubled the previous record, which was in 2011, the source added.
The numbers speak to the concerning state of data security:
- 71.2 percent of reported incidents were caused from the outside the organization
- 59.8 percent were carried out by hackers
- 45.5 percent involved U.S. entities
- 37 percent exposed individuals' names, user names, passwords and email addresses
Other studies have found similarly concerning degrees of information exposure. High-Tech Bridge estimated that the yearly number of compromised passwords is in the hundreds of millions, based on an analysis of hacked information posted on Pastebin.com. These credentials could come from diverse sources like social media accounts or email accounts. Any time log-in information is exposed, it puts the resources protected by those passwords at risk. For that reason, consumer-facing services that rely primarily on passwords for security can be too vulnerable for corporate documents.
According to the Risk Based Security report, for many organizations that experienced their data breach, it wasn't the first time.
"Another disturbing fact emerges when you analyze the 2013 data breaches," said Barry Kouns, CEO of Risk Based Security. "260 incidents involved organizations that have reported a data breach in the past, and sixty organizations reported multiple incidents in 2013. I would not want to be the one to explain that to stakeholders."
This can point to a number of issues: Some companies don't correct their unsafe practices after a breach. Others are targeted repeatedly from numerous angles. They all require strong security strategies that protect their information from all sides.
Guarding against breaches
?CSO Online explained that 84 percent of CEOs and 82 percent of CIOs have high confidence in their security programs, believing them to protect their data sufficiently. The source emphasized that this doesn't mean executives take data security lightly or aren't taking steps to protect their information. The unpleasant reality is that security is complicated, especially as technology advances at an accelerated pace. With more devices, greater volumes of data and more complicated networks, companies need strategies that simplify data management while providing top-notch security.
Employees often need to be able to share documents with their coworkers and access resources remotely. Increasingly, they're using their own devices, making it more difficult for IT teams to manage security. In fact, the full Risk Based Security report indicated that 17.1 percent of incidents were caused by employee error, such as losing a laptop that contains unencrypted data.
Secure file sharing solutions help to bolster security by allowing employees to exchange and access information while keeping the data in a secure, managed environment. While no security solution is impenetrable, organizations need to provide the most comprehensive protection and avoid risky practices.