2014 Data Breach Reports


By: David Cole  
Verizon recently released the 2014 edition of its Data Breach Investigation Report. You can download a copy here for your reading pleasure — or heartburn. Retailers should take particular note of this report. As Verizon states, “(2013) may be tagged as the ‘year of the retailer breach,’ but a more comprehensive assessment of the InfoSec risk environment shows it was a year of transition from geopolitical attacks to large-scale attacks on payment card systems.” The most common method of attack against retailers was point-of-sale (POS) intrusion (33%), in which the bad guys install malware on a POS device (usually through weak security like easy passwords). The malware collects card numbers as transactions are processed and dumps them into a temporary file, which is then retrieved later. New PCI-DSS rules will go into effect in July, so now is the time to review your security policies and procedures.
The Ponemon Institute also released its 2014 Cost of a Data Breach Study. You can download a copy of it here. In the United States, the average cost of a data breach rose to $201 per breached record. But the good news is that the report also confirms ways that businesses can reduce their costs of a data breach. The most effective way to reduce costs is to have a “strong security posture,” which means having strong security policies, training your employees, and making it a top issue. Doing so reduced the average cost by over $14 per record. The factor having the second-biggest impact was having an incident response plan prepared in advance. We have preached about this before – every business should have a data breach response plan that identifies your response team and the procedure you will follow. Companies that did this saved an average of nearly $13 per record when responding to breaches in 2013.
Both of these reports confirm that a little investment and preparation on the front end will save you a lot of time and money later. Please contact David Cole at (770) 818-1287 or [email protected] to discuss your questions about how to best prepare your organization.