Nearly every industry and data type is at risk of a data breach. The 2013 Trustwave Global Security Report is out with some disquieting findings. Some of the top data-related tactical threats facing companies in 2012 were:
- Remote access risks that exploit a security vulnerability in software,
- Adobe Reader Portable Document Format (PDF) attacks,
- Blackhole exploit kits, which accounted for more than 70 percent of client-side attacks,
- Memory-scraping malware that locates personal data like PINs and credit card numbers.
Other important findings from the study concern the industries targeted. While all industries are at risk, the retail industry, for the first time in the last three years, comprised the highest percentage of cyberrisk investigations. E-commerce sites were frequently targeted, accounting for 48 percent of all investigations.
Another important information technology (IT) security issue is the time it takes to discover a breach. According to the Trustwave report, the average time from initial breach to discovery was 210 days in 2012, 37 days longer than it took in 2011. Timely breach discovery is critical. According to the Verizon Business 2012 Data Breach Investigations Report, 60 percent of data breaches exfiltrate data in the first 24 hours of the breach.
Cyber-attacks and data breaches can seriously damage an organization’s reputation, its supply chain and its profits. The average per capita cost of a data breach across nine countries in 2012, according to Ponemon Institute, was $136 per data record. However, breaches in the United States trended higher, at $188 per record.
An organization’s ability to meet its business objectives is heavily reliant on the integrity of its information systems. Part of a robust Enterprise Risk Management system is a risk mitigation plan that addresses not only best practices that would prevent cyber breaches, but also the appropriate coverage to protect your organization in the event a breach occurs. To discuss ways to mitigate cyber breach risks for your organization or your Enterprise Risk Management needs, please contact me at [email protected] or at 732.395.4251.