Want to win the war against rising data breaches?

Deploying AI tools, next-gen technologies and a holistic approach could substantially improve your ability to prevent, detect, thwart, and contain sophisticated stealth attacks.

Overview

Data breaches are on the rise, and hackers are increasingly more aggressive, with hacking incidents almost doubling since 20132,3 (see Figure 2). “2016 was a record year for data breaches” [19] with more than 4,000 incidents logged and over 4.1 billion customer records exposed, a 40% increase (in incidents) from the year before. Across numerous industries, from entertainment to banking, insurance to retailers, shipping to logistics/transportation, Fortune 500 and smaller companies have suffered massive financial losses and reputational damage4. Anthem (80M records) [3,14], J.P. Morgan Chase Bank (83M), and Sony (1TB+) are just a handful of companies who have become recent victims of super-sized (mega) data breaches with tens of millions of sensitive client records stolen. Data stolen ranges the whole gamut, from Social Security [19], employment records, dates of birth, to financial history and investment records.

Hackers Do Not Discriminate

Large or small, [11, 4] publicly traded or not, financially successful or not, hackers are motivated to cause havoc by monetizing stolen records and/or holding companies’ digital assets for ransom. Blue Toad, a small digital publishing firm that hosts around 5,000 worldwide publications joined Target and other victims as hackers stole more than a million identification numbers for Apple mobile devices from the firm. Targets includes both unstructured (email, communications, file shares) and structured data (CRM systems, core database systems, source code repositories).

Sophisticated Hackers and Increased Digitalization Increase Companies’ Data Breach Risks

Figure Above: Super-sized data breaches have occurred across industry in recent years. From banks to retailers, healthcare organizations and insurance carriers, tens of millions of records containing PII (social security, date and place of birth, etc.), PHI and other sensitive data have been stolen. As hacking threats increase at break-neck speed, it is not a matter of if but when a company will be next on the victim list [3]

As companies and industries shift to digital business they increasingly amass a wealth of valuable digital assets along with electronic client data making them a prime target for hackers. Recent data breaches have not only resulted in super-sized numbers of stolen records but have also caused substantial negative publicity, wasted executives’ time on PR and putting out fires and financial damages. Target, Home Depot and Anthem each sustained $18.5M, $19.5M and a whopping $115M in data breach settlements [7,8,14]. It has also been estimated that ongoing costs for Anthem will exceed $100M for things like credit watch monitoring for their compromised customers. Hackers are increasingly sophisticated and have been able to penetrate perimeter security undetected for several months. When customers hear that their personal information has been exposed for months, and the exposure has been undetected, the reputational damage is much higher.

Defense in Depth

Preventing against all attack vectors may be challenging, if not cost prohibitive or impossible. Persistent and highly motivated hackers may be able to compromise your network, and win the battle [12]. However, if you can stop them from removing your data, you could win the war [10]. A multi-layered defense posture may not eliminate the possibility of you losing the occasional battle, but it would better protect your crown jewels.

Download the White Paper below to learn about holistic techniques and frameworks on how to adopt a multi-defense strategy to fight against rising data breaches.

This research is brought to you by the collaborative efforts of Arete Advisors and Hararei, Inc. Hararei, Inc. is a technology consultancy and channel partner for leading-edge cybersecurity and cloud security solutions.

Resources

1. “Data Breach Statistics”, Breach Level Index. June 2017.

2. “Data breaches increase 40 percent in 2016”, Identity Theft Resource Center. January 2017.

3. “World’s biggest data breaches”, Information is Beautiful. April 2017.

4. “2015 Information Security Breaches Survey”, PWC, InfoSecurity Europe, and HM Government. 2015.

5. “Data Exfiltration Demystified”, Ben Cody, Intel Security. 2015.

6. “How cloud computing helps cut costs, boost profits”, Thor Olavsrud, www.cio.com. March 2013.

7. “2016 Cost of Data Breach Study: Global Analysis”, Ponemon Institute LLC. June 2016.

8. “Top Breaches”, Breach Level Index. June 2016.

9. “Top ten tips to prevent data exfiltration”, SecurityWing. January 2016.

10. “Preventing and Responding to Data Breaches”, Jackson Walker LLP. n.d.

11. “Don’t become the next Sony: How HR can win the war on data”, Pat Didomenico, Business Management. January 2015.

12. “Building a new data breach policy”, Jac Brittain, LPM (Loss Prevention Media) Insider. June 2017.

13. “Data breach response”, Federal Trade Commission. September 2016.

14. “2016 Data Breach Investigations Report”, Verizon. 2016.

15. “Phishing Data – Attack Statistics”, Darren Dalasta, Infosec Institute. 2017.

16. “The Latest in Phishing: March 2016”, Mike Bailey, WombatBlog. March 2016.

17. “Phishing attacks prevention”, Nate Lord, Digital Guardian. June 2017.

18. “Attackers target both large and small businesses”, Symantec. 2016.

19. “2016 a record year for data breaches”, Olga Kharif, Bloomberg.com. January 2017.

20. Arete Advisors Data Exfiltration Framework. Source: https://www.areteadvisorsltd.com/ourmethodologies. 2017.

#Cybersecurity #DataBreaches #dataexfiltration