By: David Cole
In recent months, various organizations have released studies of data breaches that occurred in 2013. Depending on how you look at them, the results can either give you comfort or heartburn. Let's be optimistic and take the "glass half-full approach" to see what lessons can be learned.
One of the biggest reports each year is the Verizon Data Breach Investigation Report. Retailers should take particular note of this year's report because, as Verizon states, "(2013) may be tagged as the 'year of the retailer breach.'" The most common method of attack against retailers was point-of-sale (POS) intrusion (33%), which is when the bad guys install malware on a POS device (usually through weak security like easy passwords) that collects card numbers as transactions are processed and dumps them into a temporary file, which is then retrieved later. Other important takeaways from the Verizon report are:
• Internal employees, business partners, and collusion threats made up less than 10% of all data thefts. This is a marked decrease from prior years, and indicates a shift in the threat environment. While internal threats still exist, they are no longer the most common source. Businesses should focus their security on detecting intrusions from outside.
• Hacked or stolen credentials are the most common way hackers gain access to data. This is probably no surprise to network administrators, but the easiest and most common way for thieves to get data is to obtain user names and passwords. Data-exporting malware, phishing, RAM scrapers, and backdoor viruses were the top five threats to accomplish this. Businesses need to educate employees on how to avoid these scams and maintain a strong security posture.
• Hacks were discovered more often by internal employees than by outsiders. This is a big change from prior years and a positive sign that companies are finally starting to look for signs of intrusion in event logs and creating actionable alerts.
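As an illustration of the kind of event-log review the last point describes, here is an added example (written for this article, not taken from the Verizon report or any vendor's product) that scans constructed authentication log lines for a pattern that often accompanies stolen or guessed credentials: a burst of failed logins from one source followed by a successful login from the same source. The log format, the sample IP addresses and timestamps, and the threshold and time window are all assumptions chosen for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of syslog-style authentication events (assumed format,
# not output from any real system). 203.0.113.5 fails five times and then
# succeeds; 198.51.100.7 fails once and then succeeds (a normal typo).
SAMPLE_LOG = """\
2014-06-01T02:14:01 sshd: Failed password for admin from 203.0.113.5
2014-06-01T02:14:03 sshd: Failed password for admin from 203.0.113.5
2014-06-01T02:14:05 sshd: Failed password for admin from 203.0.113.5
2014-06-01T02:14:07 sshd: Failed password for admin from 203.0.113.5
2014-06-01T02:14:09 sshd: Failed password for admin from 203.0.113.5
2014-06-01T02:14:12 sshd: Accepted password for admin from 203.0.113.5
2014-06-01T09:30:00 sshd: Failed password for alice from 198.51.100.7
2014-06-01T09:30:20 sshd: Accepted password for alice from 198.51.100.7
"""

# Regular expression for the assumed log line layout above.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse_events(text):
    """Turn raw log text into a list of event dicts; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "ok": m["result"] == "Accepted",
            "user": m["user"],
            "src": m["src"],
        })
    return events


def find_suspicious_logins(events, threshold=5, window=timedelta(minutes=10)):
    """Raise an alert when a successful login is preceded by at least
    `threshold` failed attempts from the same source within `window`.
    Returns a list of alert dicts suitable for feeding into a ticket or SIEM."""
    recent_failures = defaultdict(list)  # source address -> failure timestamps
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev["src"]
        # Forget failures that have aged out of the sliding window.
        cutoff = ev["ts"] - window
        recent_failures[src] = [t for t in recent_failures[src] if t >= cutoff]
        if not ev["ok"]:
            recent_failures[src].append(ev["ts"])
            continue
        failures = len(recent_failures[src])
        if failures >= threshold:
            alerts.append({
                "src": src,
                "user": ev["user"],
                "failures": failures,
                "at": ev["ts"].isoformat(),
            })
        # A success resets the counter for that source either way.
        recent_failures[src].clear()
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_logins(parse_events(SAMPLE_LOG)):
        print("ALERT: %(failures)d failures then success for %(user)s "
              "from %(src)s at %(at)s" % alert)
```

On the sample above this produces exactly one alert, for the `admin` login from 203.0.113.5, while the single mistyped password from 198.51.100.7 stays below the threshold. The threshold and window are the knobs a team tunes against its own baseline so that the alert stays actionable rather than noisy.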
The Ponemon Institute also released its 2014 Cost of a Data Breach Study. Costs of responding to a data breach include computer forensics, notification expenses, free credit monitoring subscriptions, legal fees, and business interruption. In the United States, the average cost of a data breach rose from $188 to $201 per breached record. But the good news is that the report also confirms two simple ways that businesses can reduce their costs of a data breach:
• The most effective way to reduce costs is to have a "strong security posture." This means having strong security policies, training your employees, and making security a top issue - not relegating it to the IT department. According to the Ponemon report, organizations that did this reduced their average costs by over $14 per record.
• Having a data breach response plan is the second-biggest factor in reducing costs. We have preached about this before - every business should have a data breach response plan that identifies action items like when to sound the alarm, who is on the response team, what vendors you will use, and the procedure you will follow. You do not want to be asking these questions in the midst of a breach. As proof, companies that had plans in place ahead of time saved an average of $13 per record.
Both of these reports confirm that a little investment and preparation on the front end will save you a lot of time and money later. Please contact David Cole at (770) 818-1287 or [email protected] to discuss your questions about how to best prepare your organization.