Impact of Data Breaches



Similar documents
WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR

Incident Response. Proactive Incident Management. Sean Curran Director

PCI Compliance for Healthcare

Finding a Cure for Medical Identity Theft

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

2014: A Year of Mega Breaches

Reducing Cyber Risk in Your Organization

How-To Guide: Cyber Security. Content Provided by

The SQL Injection Threat & Recent Retail Breaches

Cybersecurity and internal audit. August 15, 2014

Prevent Security Breaches by Protecting Information Proactively

CHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

BEFORE THE BREACH: Why Penetration Testing is Critical to Healthcare IT Security

The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance

Reducing the Cost and Complexity of Web Vulnerability Management

A Case for Managed Security

How To Protect Yourself From Cyber Threats

HEALTH CARE AND CYBER SECURITY:

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

Is the PCI Data Security Standard Enough?

Top Five Ways to Protect Your Network. A MainNerve Whitepaper

Designing & Building an Information Security Program. To protect our critical assets

Information Security Addressing Your Advanced Threats

3 Marketing Security Risks. How to combat the threats to the security of your Marketing Database

Hard vs. Soft Tokens Making the Right Choice for Security

The Impact of Cybercrime on Business

White Paper. Data Security. The Top Threat Facing Enterprises Today

End-user Security Analytics Strengthens Protection with ArcSight

7 Steps to Protect Your Company from a Data Breach

INDUSTRY OVERVIEW: FINANCIAL

Anatomy of a Data Breach: Why Breaches Happen and What to Do About It

Cyber Security An Exercise in Predicting the Future

How Companies Can Improve Website & Web Application Security. Even with a Tight IT Budget

90% of health insurers surveyed have had a data breach 3. 72% increase in cyberattacks against healthcare companies occurred between 2013 and

Into the cybersecurity breach

Information Security Services

Network Security & Privacy Landscape

Cybersecurity. Are you prepared?

Staying a step ahead of the hackers: the importance of identifying critical Web application vulnerabilities.

The Business Case for Security Information Management

Agenda. Cyber Security: Potential Threats Impacting Organizations 1/6/2015. January 10, 2015 Scott Petree

Data Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan

Anatomy of a Healthcare Data Breach

Cybersecurity: Safeguarding Your Business in the Digital Age

Internal audit of cybersecurity. Presentation to the Atlanta IIA Chapter January 2015

CYBER SECURITY: NAVIGATING THE THREAT LANDSCAPE

Passing PCI Compliance How to Address the Application Security Mandates

Cyber Threats: Exposures and Breach Costs

2014 Entry Form (Complete one for each entry.) Fill out the entry name exactly as you want it listed in the program.

DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH

Overcoming PCI Compliance Challenges

SOMEBODY'S WATCHING YOU! Maritime Cyber Security White Paper. Safeguarding data through increased awareness

Applying the 80/20 approach for Operational Excellence. How to combat new age threats, optimize investments and increase security.

SecurityMetrics Vision whitepaper

Cybersecurity Workshop

Secure Endpoint Management. Presented by Kinette Crain and Brad Lewis

I ve been breached! Now what?

Nine Steps to Smart Security for Small Businesses

AUTOMATED PENETRATION TESTING PRODUCTS

Top five strategies for combating modern threats Is anti-virus dead?

Repave the Cloud-Data Breach Collision Course

The SQL Injection Threat Study

Cyber Security Management

Top 10 Tips to Keep Your Small Business Safe

Aftermath of a Data Breach Study

Cyber Security Pr o t e c t i n g y o u r b a n k a g a i n s t d a t a b r e a c h e s

Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID

Cyber Security and Information Assurance Controls Prevention and Reaction NOVEMBER 2013

Data Breach Lessons Learned. June 11, 2015

Cyber Security Incident Handling Policy. Information Technology Services Center (ITSC) of The Hong Kong University of Science and Technology

AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com

Application Security in the Software Development Lifecycle

Cyber Security 2014 SECURE BANKING SOLUTIONS, LLC

O N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y

Payment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc.

THE TOP 4 CONTROLS.

AUTOMATED PENETRATION TESTING PRODUCTS

ITAR Compliance Best Practices Guide

Lessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd

2012 Endpoint Security Best Practices Survey

How One Smart Phone Picture Can Take Down Your Company

CYBERSECURITY: PROTECTING YOUR ORGANIZATION AGAINST CYBER ATTACKS. Viviana Campanaro CISSP Director, Security and Compliance July 14, 2015

IT Compliance Volume II

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution

Password Management Evaluation Guide for Businesses

White Paper September 2013 By Peer1 and CompliancePoint PCI DSS Compliance Clarity Out of Complexity

Technology Blueprint. Protect Your Servers. Guard the data and availability that enable business-critical communications

Payment Card Industry - Achieving PCI Compliance Steps Steps

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution

Global Corporate IT Security Risks: 2013

F G F O A A N N U A L C O N F E R E N C E

Perspectives on Cybersecurity in Healthcare June 2015

Managing IT Security with Penetration Testing

GUIDE TO IMPROVING INFORMATION SECURITY IDENTIFYING WEAKNESSES & STRENGTHENING SECURITY

Cyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO p f

Summary of the State of Security

How Your Current IT Security System Might Be Leaving You Exposed TAKEAWAYS CHALLENGES WHITE PAPER

PCI DSS Overview and Solutions. Anwar McEntee

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

FEELING VULNERABLE? YOU SHOULD BE.

Transcription:

Research Note Impact of Data Breaches By: Divya Yadav Copyright 2014, ASA Institute for Risk & Innovation Applicable Sectors: IT, Retail Keywords: Hacking, Cyber security, Data breach, Malware Abstract: Data breach has become prevalent across large, mid-size or small business. With the growing emphasis towards big data companies are more than ever securing huge amounts of data that are used for brand segmentation and targeting. But in this process companies forget that they have a bigger responsibility of safeguarding this data from malicious attacks and hacks that exploit user information. This paper reflects on strategies that most organizations can employ to minimize the impact of data breach and pro-actively protect themselves for such breaches and thefts. 6273 19 th AVENUE NE, SEATTLE WA 98115 www.anniesearle.com 206.453.4386 Page 1 of 10

Introduction A data breach is an incident where confidential, private and sensitive financial or personal identifiable information has been compromised by unauthorized access. Data breaches have become a pervasive problem and organizations have a lot at stake. A new study commissioned by Scott & Scott, LLP, a law and technology services firm focusing on data privacy and network security, confirms that the effects of data breaches are far reaching and can be detrimental to a company of any size 1. While corporations continue to strengthen their firewalls and use security and compliance measures to protect themselves from such vulnerabilities, hackers and cyber criminals always seem to find some way or the other. These attackers are of course usually the United States which makes it all the more difficult for the authorities to catch these criminals and try them in court. In a world where data is everywhere, it has become harder than ever for organizations to protect their confidential information. Complex, heterogeneous IT environments make data protection and threat response very difficult 2. Causes of Data Breach The most common form of data breach that takes place is a targeted attack by external parties. Protecting this huge amount of data from sophisticated hacking techniques can become quite a challenge 3. These targeted attacks are often automated by using malicious code that can 6273 19 th AVENUE NE, SEATTLE WA 98115 www.anniesearle.com 206.453.4386 Page 2 of 10

penetrate into an organization undetected and export data to remote hacker sites 4. But attacking an IT system with a malicious code or malware is only the first step, data breach is a result of sequential processes and for the data breach to be successful or for hackers to get any meaningful information out the data all the phases of the hack need to be successful. A study by Symantec shows that most companies focus on preventing incursions but incursion is only a phase and breach can be stopped at any phase to prevent decryption of the data that has been compromised 5. Here are the phases: Incursion: This is definitely the first phase when hackers try to break into the company s system through different types of attacks such as SQL injection, malware, password violation, buffer overflow and so on 6. Discovery: Hackers then try to map out organizational systems to scan for places where confidential data is stored 7. Capture: Data that is stored in a not strongly encrypted or unprotected system is immediately captured whereas hackers install components called root kits to encrypted network access points to capture confidential data that is part of the organization 8. Exfiltration: Confidential data package is sent back to hackers in its encrypted format and now the hackers have to decrypt this data to get meaningful information out of it 9. 6273 19 th AVENUE NE, SEATTLE WA 98115 www.anniesearle.com 206.453.4386 Page 3 of 10

Therefore if organizations focus on all the four phases it becomes easier for them to protect themselves from such infiltrations. Data breach is just not a one step process and its definitely more than just hacking into a system it is also about where and how organizations store their data, how strongly encrypted it is, what kind of user information they decide to store and so on and focusing on all these minute security points can surely help organizations in securing their data. Recent Trends and Statistics Recent trends and statistics in data breach have been very alarming. The scope of the recent Target data breach is still under investigation and the latest figure suggest that data for around 110 million customers was compromised as opposed to the previously reported 40 million that included personal information such as email, names, addresses and debit and credit information including the PINs. The magnitude of this breach is enormous and is currently under investigation by the federal government. This breach will not only impact Target s quarterly results and profits but poses for it a greater brand and reputational risk. To mitigate these losses Target is trying to woo customers by offering them additional discounts, free credit card monitoring and identity theft protection. But is this enough for customers? Neiman Marcus has just announced a data breach as well, with no data yet available on the size of the breach. Retailers are clearly under pressure to enhance their online platforms and earn back users trust. This sentence does not make 6273 19 th AVENUE NE, SEATTLE WA 98115 www.anniesearle.com 206.453.4386 Page 4 of 10

sense so I removed it. Social Media sites have been hacked often in the past two years, case in point Twitter and Snapchat. In case of Snapchat hackers posted customers personal information such as names, email and phone numbers on a public website. Snapchat apologized for this breach but information has already been compromised and hackers can use this information to pose as users to extract more sensitive information such as bank account data and so on. Sony s Play Station data breach was another significant event that took place in 2011 where customer s stored information such as credit/debit card details, addresses, email id was compromised. Needless to say this hack damaged Sony s reputation and it didn t help its already plunging market worth. Xbox is a market leader in gaming consoles but there was a time when play station lead in this arena, bust such malicious attacks leave long term impacts on minds of the customers which sometimes makes the path to recovery very difficult of not impossible. Studies by Symantec have shown that data breach can happen across any sector. Organizations may have installed highest form of encryption methods but most of them get attacked due to a minor unprotected data point. Some of the stats presented below by Symantec point indicate the pervasive nature of these data thefts. Most data breach victims fell prey because they were found to possess an (often easily) exploitable weakness rather than because they were pre-identified for attack; 79 percent of victims were 6273 19 th AVENUE NE, SEATTLE WA 98115 www.anniesearle.com 206.453.4386 Page 5 of 10

targets of opportunity, and 96 percent of attacks were not highly difficult. 2012 Data Breach Investigations Report (DBIR), Verizon Business, April 2012 10. The average cost per record of a healthcare data breach in 2011 was $240, which is 24 percent higher than average. Healthcare data breaches are the fourth highest by industry, behind the financial, pharmaceutical and communications sectors. 2011 Cost of a Data Breach: United States, Ponemon Institute and Symantec, March 2012 11 For more trends and exact numbers in data theft please refer to this study by Symantec http://www.indefenseofdata.com/databreach-trends-stats/. Business Impact Data Breaches not only cost financial loss for companies but offer a huge reputational loss risk. Organizations build customers trust over a long period of time and this trust can be lost in a matter of minutes and can be very hard for them to regain. Many breaches result in class action lawsuits and litigations which can take years to resolve. Brand Risk is another potential risk companies might suffer where public perception of the brand becomes negative and it may take time to rebuild brand equity. Prevention 6273 19 th AVENUE NE, SEATTLE WA 98115 www.anniesearle.com 206.453.4386 Page 6 of 10

Cost of data breaches can be very high from notification and business loss to tangible ones like brand and customer loyalty. According to a 2010 study by Ponemon total data breach costs have grown every year since 2006, and in 2010, data breaches cost companies an average of $214 per compromised record, up $10 (5 percent) from last year 12. But data breach can always be prevented if right measures are taken at every level and policies and processes are in place. 1. Securing more than just IT systems: Organizations sometimes forget to look beyond their IT systems such employee exit policies, remote access, on and off data storage and so on. Policies and procedures for these processes should be in place to fully secure an organization s working environment 13. 2. A comprehensive breach preparedness plan should be prepared in advance as it will equip management and employees to make faster decisions when a breach occurs. When a data breach of massive proportions occurs it leaves the entire organization in shock and most people aren t aware what to do. This readiness plan will help them overcome such paralysis 14. 3. Employees should be fully aware of the BYOD policies or if they are issued office laptops how to safeguard critical information in those systems. In case a system security is compromised they should quickly report it to the higher authorities so that necessary steps can be taken. 6273 19 th AVENUE NE, SEATTLE WA 98115 www.anniesearle.com 206.453.4386 Page 7 of 10

4. Data minimization is a good practice since hackers can t get access that is not stored in the systems. Organizations should refrain from collecting information that isn t required and clean the system on regular basis of irrelevant data 15. 5. Continuous risk assessment and audit of internal controls is required to understand if the company is equipped with dealing newer and upcoming risk threats or vulnerabilities 16. Performing regular penetration and vulnerability testing also helps identify the weaknesses in the system. 6. It is important to be up to date with the latest security patches and updates. These are especially by targeted by hackers and can pose as a severe security flaw in the system 17. 7. It is important to define security requirements upfront with vendors and organizations should have access and control of offshore data storage or services at all times 18. Conclusion Data breach can occur in any sector be it retail, healthcare, IT or finance. But integrating security in the long term risk management 19 and business goals is extremely important for organizations to come out of such targeted attacks. Complex systems make it harder to secure every data point and hackers are on a continuous lookout for an unlocked point through which they can spread their attacks. It is an 6273 19 th AVENUE NE, SEATTLE WA 98115 www.anniesearle.com 206.453.4386 Page 8 of 10

enormous task, but there shouldn t be any level of complacency when designing the security check points for systems through which transaction of sensitive information takes place. It will forever remain a work in progress and organizations will have to continuously monitor their systems as a single lapse could cost millions, which will make the road to recovery a mammoth task. References 1 The Business Impact of Data Breach. Retrieved January 11, 2013. 6273 19 th AVENUE NE, SEATTLE WA 98115 www.anniesearle.com 206.453.4386 Page 9 of 10

http://www.scottandscottllp.com/main/business_impact_of_data_breach.aspx 2 Anatomy of a Data Breach Why Breaches Happen and What to Do About It. Retrieved January 11, 2014. http://eval.symantec.com/mktginfo/enterprise/white_papers/banatomy_of_a_data_breach_wp_20049424-1.en-us.pdf 3 4 5 6 7 8 9 10 Data Breach Trends & Stats. Retrieved January 12, 2014. http://www.indefenseofdata.com/data-breach-trends-stats/ 11 Data Breach Trends & Stats n. pag. 12 Data Breach Prevention Tips. Retrieved January 12. 2014. http://www.krollcybersecurity.com/resources/data-security-resources/data-breachprevention-tips.aspx 13 14 15 16 17 18 19 https://annualcreditreport.experian.com/assets/data-breach/white-papers/security-asbusiness-risk.pdf 6273 19 th AVENUE NE, SEATTLE WA 98115 www.anniesearle.com 206.453.4386 Page 10 of 10

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information