2015: The Year of the Super Mega Breach
No need to be a visionary to see that 2015 will be the ‘Year of the Super Mega Breach’
“2014 was yet another reminder that we are losing this contest.” Those were the words used by the RSA President Amit Yoran in his opening keynote at RSA Conference Conference in San Francisco last week.
The past year has seen a procession of high-profile data breaches against organizations as well-known and diverse as Target, Home Depot, PF Chang, Sony Pictures Entertainment, JPMorgan Chase and Anthem. These attacks have targeted data ranging from customer records to intellectual property and personal communications. Some people say that these kinds of things only happen to the big companies, but is this true?
What Are the Odds Your Company Will Suffer a Data Breach This Year?
To better understand the potential risk to an organization’s sensitive and confidential information, we thought it would be helpful to know the probability that an organization will have a data breach.
The statistics show that the probability of a data breach over the next two years involving a minimum of 10,000 records is nearly 19%. In addition, we find that the probability or likelihood of data breach varies considerably by industry.
Public sector organizations have the highest estimated probability of occurrence at 23.8%, while energy and utilities have the lowest rate of occurrence at only 7.5%.
So, assuming you are going to have a data breach in the future, how much is it going to cost you?
According to 2014 benchmark findings, data breaches cost companies an average of $201 per compromised record.
Specifically, heavily regulated industries such as healthcare, transportation, education, energy, financial services, communications, pharmaceuticals and industrial companies tend to have a per record data breach cost substantially higher. In contrast, retailers, hospitality companies and public sector organizations have a per capita cost well below the overall mean value.
So what are the main causes of super breaches?
44% of incidents involved a malicious or criminal attack, 31% concerned negligent employees, and 25% involved system glitches that include both IT and business process failures.
How Can I Prevent Data Breaches?
Security Testing is the best approach to start a strong security program Security Testing helps to diagnose your system from a security perspective and answer these kinds of questions:
- Am I protected from the most critical security flaws?
- How fast can an attacker obtain confidential information from my system?
- Does my system meet security standards?
- How can I improve the security of my application?
Check out what Amit Yoran has to say on this topic from his Keynote at the RSA Conference here.