Are the headlines around the recent network security failings at Target and the NSA isolated incidents, or a sign of more to come? ThreatTrack Security Labs has conducted a survey of IT security professionals, revealing 10 sobering reasons that you’ll see more data breaches (and likely business opportunities related to security) as time goes on.
- Threats Are Increasing: ThreatTrack Security labs processes more than 200,000 malicious security threats each day. Cybercriminals are getting faster and creating threats an alarming rate.
- The C-suite Is Concerned (and some are a little negligent): When surveyed about their views on cybercrime threats, the results were telling. Of the CEOs, CFOs, CIOs, and CISOs surveyed in 2013, 69 percent indicated they were concerned they are vulnerable to advanced malware threats; 66 percent said they were unsure if they have been targeted by an advanced persistent threat (APT) attack; and 47 percent did not use advanced malware analysis in their cyber defense.
- The Frontlines Need Help: Questioning IT staff responsible for handling malware analysis revealed 67 percent are concerned about the complexity of malware, painting a picture that they were “understaffed and outgunned” when handling daily external and internal threats. The study also revealed another 67 percent saying they struggle with the volume of malware they face and 40 percent citing a lack of skilled staff as a major issue in their fight.
- Threats Come From Within: The study revealed senior leadership’s “risky” online behavior as a gateway to stolen credentials and access to an organization’s most sensitive data.
- 56 percent clicked on a malicious link in a phishing email.
- A family member was allowed to use a company-owned device by 45 percent of respondents.
- Infected pornographic websites were visited by 40 percent of the respondents.
- The Cost And Sophistication Of Breaches Is Increasing: The average business loses $3.03 million as a result of a data breach. When the comprehensive cost of loss of competitiveness, eroded customer trust, government fines and litigation are calculated, one breech can be enough to completely knock a business off its feet.
- Some Breaches Are Just Being Missed: Breaches are going too long without being detected — the study found 66 percent requiring months to be found. The majority are detected using forensic investigative tools including: malware analysis sandboxes (28 percent), DLP solutions (19 percent), or law enforcement (15 percent.) Only 10 percent of breaches were discovered accidentally.
- Breaches Aren’t Being Reported: The study cited 66 percent of malware analysts with large firms reporting undisclosed data breaches. Of that same population, 57 percent admitted they had investigated a breach that was never disclosed.
- Research Is Underfunded: While IT budgets rise, security allocation is not keeping pace. Firms surveyed reported less than an average of 4 percent of their budgets are dedicated to IT security.
- Consumers Are Wary: Even before Target’s data breech, U.S. consumers were concerned about security. Of participants surveyed, 71 percent believe that companies are not doing enough to protect their data, and 75 percent believe the companies holding their data will be attacked, or that their information will be stolen.
- The Government Is Lagging: Many companies look to government standards as a starting point for their cybersecurity and data breach defense strategies. The public, however, is sill skeptical of government involvement, with 70 percent reporting they have doubts.
While the outlook of information security may seem bleak, customer concerns and ever changing technology presents opportunities for VARs who, as trusted advisors, can help their customers navigate options and manage risks.