It is hard to pick up a technical publication these days with out reading about another security breach that exposes our data. However, security experts believe that the vast majority of security breaches go unreported. One security expert told us that “The problem is far worse than the published statistics suggest.” He went on to say that, “I have seen entire corporate networks of over 100,000 systems completely compromised and hundreds of thousands of files exfiltrated.” This is supported by one survey that found 85 percent of organizations reported a data breach event.
Identification of system intrusions and data breaches is a huge challenge and getting more difficult by the minute. Hackers that steal data are perfectly willing to target smaller companies, as well as larger enterprises. Most small companies don't have the in-house capabilities or budget to implement and maintain the necessary security capabilities. Mid-sized companies have the same issue plus the fact that their systems are larger and more complex requiring much more attention and while they have some resources, they are stretched and so don’t have the capacity to address the security threats. Large organizations are perhaps the most challenged. They have the largest and most complex systems environment and are have been highly targeted by cyber criminals.
No one knows just how many breaches have occurred and gone undetected. We do have some information about the time from when a breech occurs until it is discovered.
The figures represented in this chart support the notion that we need to completely rethink our entire approach to security and monitoring. One significant statistic is that three-quarters of security breaches were not discovered by the victim company but by outside sources.
Stolen data can easily be converted to cash. This is what makes these criminal acts so attractive to criminals. Security break-ins and breaches of sensitive information are a very real concern for organizations around the world. Data security is now on the senior most executives’ agenda and radar screen. One study suggests that the total average cost of a data breach is $7 million. If that is not bad enough, a publically traded company will experience a drop in stock price following announcing they have experienced a breach. Figures suggest that the drop in stock price immediately following a system breach equates to about a $4 million drop in market capitalization. In one instance we saw a decline in market value of over $400 million the day after the problem occurred. While the market in general was up and the companies competitors were all up they still dropped sharply.
With the current condition of the U.S. economy IT budgets are being squeezed and security has not escaped impact from the budget crunch. One study found that on average the 7.4 million small and medium sized companies (under 1,000 employees) in the U.S. spend just one hour a week dedicated to IT Security. A dramatic change is needed and needed now!
INTERNET TELEPHONY Conference & EXPO West 2008 — the biggest and most comprehensive IP communications event of the year — concluded Thursday in Los Angeles, California. Thousands of attendees flocked to the event for three valuable days of exhibits, conferences and networking opportunities. Mark your calendar now for ITEXPO East 2009, February 2-4, 2009, in sunny Miami, Florida.
Read archived editions of Show Daily eNewsletters from ITEXPO (News - Alert) West 2008 here. See you in February!
Kevin G. Coleman, a consultant and advisor with Technolytics Institute, writes the Data Security column for TMCnet. To read more of Kevin’s articles, please visit his columnist page.
Edited by Mae Kowalke