The Cost Of Data Breaches Rises Past $4 Million

Post via DarkReading:

Ponemon annual report shows data breach benchmark index on the rise again, while Deloitte advises those tangible costs may be just the start to financial impact racked up by breached organizations.

When security executives design the slide decks for their board room presentation about the financial risks of data breaches, they’d better increase the numbers this year. In two separate studies out today by the Ponemon Institute and Deloitte Advisory, traditional data breach costs are on the rise and at the same time the hidden costs of data breaches are also proving to be far more expensive than experts initially anticipated.

The annual Ponemon Cost of Data Breach 2016 report established its yearly benchmark statistics once again, with evidence that breach costs are going up. Sponsored by IBM, the comprehensive study found that the average cost of a breach at organizations has jumped past $4 million per incident, a 29% increase since 2013 and a 5% increase since last year. The study found that average dwell time for breaches stands at 201 days, with organizations requiring another 70 days to contain breaches once they’d been identified.

“That’s huge,” says Diana Kelly, executive security advisor for IBM. “It’s basically a matter of either having your plan and running that playbook or at least calling someone in to help with response. The savings make sense because without that people start to do things after a breach that don’t necessarily benefit the response effectiveness or efficiency and could hurt it.”

Other measures that tangibly affected cost-per-record savings included extensive use of encryption, which reduced the cost by $13 per record, use of threat sharing, which lowered it by $9, and having a CISO appointed, which sent it down by $7.

Meanwhile, Deloitte Advisory services says the damages could actually be much higher than those outlined by Ponemon and present themselves many years after the breach. Deloitte’s new report, “Beneath the surface of a cyberattack,” showed that in addition to the well-known costs like breach notification, post-breach protection, and technical investigations, hidden costs also present themselves — in the way of insurance premium increases, increased cost to raise debt, and devaluation of trade name. Deloitte estimates that the known costs may actually only account for less than 5% of total business impact.

“Many executives have difficulty gauging potential impact, partly because they are not typically privy to what other industry participants struggle with as they work to get their businesses back on their feet after a cyber incident,” says Emily Mossburg, principal for Deloitte & Touche LLP, and resilient practice leader for Deloitte Advisory cyber risk services. “An accurate picture of cyber attack impact has been lacking, and therefore many companies are not developing the cyber risk postures that they need.”

In one composite model put together for the report, Deloitte showed that a healthcare company it worked with actually lost $1.6 billion due to a significant breach of patient records, with only 3.5% of those costs coming in the form of “above the surface” costs. The costs under the surface included lost contract revenue and premiums and lost customer relationships.

It’s a stark warning to organizations that the effects of a breach ripple outward much farther than they initially calculated.

Phishing Attacks Jump 250% From Oct Through March

A record-breaking 250% increase in phishing activity was reported between October 2015 and March 2016, says Business Wire (sourced from the Anti-Phishing Working Group). As previously blogged, phishing is defined as 'the activity of defrauding an online account holder of financial information by posing as a legitimate company' and is typically carried out through email. The APWG reports an astonishing 289,371 unique phishing sites in Q1 2016, and an estimated 123,555...

Did Anyone Learn from the Ashley Madison Breach?

It should really come as no shock to anyone these days that an online dating website has been hacked. The latest subject of attack is self-proclaimed ‘elite’ dating website BeautifulPeople.com, which has suffered a massive database leak, exposing the personal and sensitive information of 1.1 million users. According to HaveIBeenPwned, a data breach notification website, the leaked user data includes a whopping 15 million personal messages between users, as well as: Beauty...

When Real Life Pirates Get Tech Savvy

Imagine being a pirate on the high seas, sailing around the world, hoping to land a gold mine – that one ship that was loaded with exactly what you’ve been searching for. Now imagine how much easier it would be if there was a way to hack into shipping companies’ databases and figure out not only which ships, but the exact shipping containers that hold exactly what you’re looking for....

This Week in Breaches: University of Virginia

Nowadays cyber-attacks are more aggressive and more sophisticated, making it even harder for companies and institutions to catch up and keep up with the evolving technology. But sometimes, a common email scam is all it takes to infiltrate your security environment. On January 22, 2016, the University of Virginia reported that the FBI had informed the school that they had been breached through an email phishing attack. The attack targeted the school’s...

Do you know what your biggest security risk is?

What do Sony, Ashley Madison, and Target all have in common? All three enterprise companies were the subject of a major data breach in 2015. In light of the breaches stated above, others that occurred in 2015 and the attacks that are happening right now, we think it’s the right time to re-evaluate your current security posture and provide a solution to tackle your biggest security risk: your employees. It should...

This Week in Breaches: Time Warner Cable

The American cable telecommunications company, which happens to be the second-largest cable company in the country, has admitted that 320,000 customer passwords MAY have been obtained. TWC has stated that the email and password details were likely stolen either through malware downloaded through phishing attacks, or indirectly through data breaches of secondary companies that store their customers’ information. While there are no implications that their systems were actually breached, Time Warner...

How Do I Protect My Digital Assets?

A Guest Blog Post by Watchful Software.

May 27, New York Times:
Jawbone Accuses Fitbit of Stealing Information by Hiring Workers Away

June 1, Credit Union Times:
Email Data Breach Costs $1.3 Million

September 23, Becker’s Health IT & CIO Review:
Insider data breach: Former CVS employee compromises data on nearly 55k individuals

The headlines say it all! CISOs and CSOs are constantly telling us this is what keeps them awake at night!

  • How do I protect my company’s sensitive unstructured data against a data breach?
  • How do I prevent my company’s sensitive information from walking out the door with current and former employees?
  • How do I prevent both the insider threat and the external breach?
  • How do I prevent widespread damage to my company’s business when a data breach occurs?

Watchful Software created RightsWATCH to address all of these issues.  Hacking the perimeter, data breaches, whether malicious or non-malicious, whether from an insider or from an external source, all are addressed by RightsWATCH keeping your unstructured data protected at all times.

RightsWATCH takes a data-centric approach to protecting your unstructured data (such as emails, documents, spreadsheets, engineering drawings, etc.) against data leakage, enforcing compliance through an automated data classification process without interrupting the user’s normal workflow.

RightsWATCH follows a 5-step approach to protecting your company’s sensitive data, as follows:

  • RightsWATCH identifies data to be secured at creation with content and context awareness using its Dynamic Classification Engine supported by rules-based policies. All of this information is encapsulated in metadata and aligned with the data itself.
  • Classification is the corporate policy’s key element customized through assigned rights and based upon access privileges and usage.
  • RightsWATCH also provides the user with the capability to place watermarks, set up control headers and footers, and fully attach identifiable metadata.
  • RMS, through templates generated by RightsWATCH, manages all of the data access rights. RMS encrypts the data, completing the protection process and tying all access to the user with proper credentials. Based upon corporate policy rules, RightsWATCH can also warn about and block an accidental email transmission to an external user, preventing the unwitting passage of data outside the corporate perimeter.
  • Once the data is secured, classified and identified, all activity associated with that data is logged and cataloged into a centralized database for tracking and reporting. The central management console provides the user with information necessary and sufficient to construct a regulatory compliance practice. This data can also be exported for more detailed forensics with Security Information and Event Management (SIEM) software.

RightsWATCH protects unstructured sensitive data from being accessed by those who are not authorized to have it. RightsWATCH is the solution which addresses both the insider threat and the external data breach. In the event of either a malicious or non-malicious breach, your sensitive unstructured data is secured from access by those who should not have access to it. RightsWATCH is currently installed in leading world banking operations; is being used by leading semiconductor manufacturers; is installed in the Oil and Gas industry; and has extensive exposure in Healthcare, Telecommunications, Transportation and Defense. RightsWATCH is the CISO’s and CSO’s real answer, allowing them a restful night’s sleep!