By: David Cole
Verizon recently released the 2014 edition of its Data Breach Investigations Report. You can download a copy here for your reading pleasure — or heartburn. Retailers should take particular note of this report. As Verizon states, “(2013) may be tagged as the ‘year of the retailer breach,’ but a more comprehensive assessment of the InfoSec risk environment shows it was a year of transition from geopolitical attacks to large-scale attacks on payment card systems.” The most common method of attack against retailers was point-of-sale (POS) intrusion (33%), in which the bad guys install malware on a POS device (usually through weak security like easy passwords). The malware collects card numbers as transactions are processed and dumps them into a temporary file, which is retrieved later. New PCI-DSS rules will go into effect in July, so now is the time to review your security policies and procedures.
The Ponemon Institute also released its 2014 Cost of a Data Breach Study. You can download a copy of it here. In the United States, the average cost of a data breach rose to $201 per breached record. But the good news is that the report also confirms ways that businesses can reduce their costs of a data breach. The most effective way to reduce costs is to have a “strong security posture,” which means having strong security policies, training your employees, and making security a top issue; this reduced the average cost by over $14 per record. The factor having the second-biggest impact was having an incident response plan prepared in advance. We have preached about this before – every business should have a data breach response plan that identifies your response team and the procedure you will follow. Companies that did this saved an average of nearly $13 per record when responding to breaches in 2013.
Both of these reports confirm that a little investment and preparation on the front end will save you a lot of time and money later. Please contact David Cole at (770) 818-1287 or [email protected] to discuss your questions about how to best prepare your organization.