The price of a data breach

Around $400 million were lost when 700 million private records from 70 organizations were exposed to hackers according to Verizon’s 2015 Data Breach Investigations Report.

The report studied 170 million malware events around the world and found five such events happen every second. In 70% of the cases there’s always a secondary victim. 80% of security threats came from external factors, and 90% of all incidents are people-based. This includes goofing up, getting infected, behaving badly, or losing stuff.

The top three targeted industries are Public, Information, and Financial Services. However, no industry is immune to security lapses.

Retail targets:

The scary thing is that while in 2010 malware meant the good old key logger, fast forward to today, phishing and RAM-scraping malware has grown in a big way. Some of these claim to have caused several high-profile retail data breaches in 2014, often attacking point-of-sale (POS) systems.

Attackers vs. Defenders

In 60% of security breaches, hackers can affect an organization’s systems within minutes. Unfortunately, organizations are often too late to plug the breach. The number of breaches discovered in days still falls short of the time to compromise. This “detection deficit” means hackers are winning, and defenders…umm...let’s not state the obvious. The only saving grace? The 2014 data has recorded the smallest deficit.

Sharing may NOT be caring:

Many organizations share intelligence and data systems today. One would think that a breach in one may trigger a “herd alertness” instantly as in animals. Wrong.

75% infections spread over these networks within 24 hours while over 40% hit the second organization in less than an hour. This surely indicates at a dire need to plug security holes in collaborative systems.

More fishes than ever to phish:

23% of the recipients now open phishing messages and 11% click on infected attachments. A shocking 50% of these emails are opened in the first hour. Research shows that a steady phishing campaign of just 10 e-mails yields a greater than 90% chance that at least one person will get infected.

Mobiles are relatively safe:

In a surprising revelation it was found that mobile devices are not targeted much in terms of data breaches. Most mobile ‘infections’ are simple adware. There were 4, 10,000 such instances in the first three quarters of 2014. Bad news for android users - 96% of mobile malware was targeted at the Android platform. However, mere 0.03% out of millions of devices was infected with malicious exploits.

Internet of Things:

Experts predict there will be over 5 billion IoT devices by the end of the decade. As of now there have been no incidents of IoT security breaches, but that leaves little respite to think that there won’t be in the near future.

Personalized solutions:

(Image credit: iDiva)
Innovative security threats are coming up daily. 70 to 90% of the security threats were unique to an organization. This leads to an over-arching conclusion – there is no ‘free size’ security solution. There is no one ‘fits all’ service every organization can subscribe to.

Cost of a Breach:

Research shows that the average cost of a breach is around Rs. 36 (58 cents) per record per second. That’s Rs. 12,663 ($201) per record over its lifetime. Think that’s cheap? Let’s expand the numbers a bit. The average cost of a 1,000 records breach is between Rs. 32, 76,000 to Rs.54, 81,000. In an established enterprise the number could be anything around 10 million records. The ensuing bill? A cool Rs. 13.2 to 32.7 Crores ($2.1 million to $5.2 million).

(Image credits: Indiatimes)