The effects of payment card and financial breaches in 2014 have been massive, with the number of victims tallied in millions. Organizations and their security teams had to contend with many serious data theft cases throughout the year as sensitive information (credit card numbers, social security numbers, health information, etc.) of their customers was compromised.
The breaches affected big names including Neiman Marcus, Orange, University of Maryland, KT Corp, Michaels, P.F. Chang’s, Home Depot and JPMorgan Chase. The malicious hackers, in search of financial benefits, used all sorts of sophisticated tools and software to conduct high-profile attacks, including remote desktop applications and keyloggers.
Cost of data breaches saw an uptick in 2014
According to a Chain Store Age report, the cost of recovering from a data breach climbed steadily: from $9 million in 2012 to $11.6 million in 2014, to $12.7 million currently.
And a report from Ponemon Institute and technology provider Duo Security revealed that during 2014, the cost of recovering from individual data breaches ranged from $1.6 million (low) to $61 million (high).
Data breaches were comparatively less costly for companies in hospitality (accounting for $5.9 million), health care (accounting for $6 million) and consumer products (accounting for $6.8 million), and relatively expensive in defense (accounting for $21.9 million), financial services (accounting for $20.8 million) and energy and utilities (accounting for $26.5 million).
In these sectors, larger firms tend to suffer more regulatory losses associated with data breaches, and are held liable for compromise of more customer records.
All the businesses saw attacks from Trojans, worms and viruses. Other cyberattack types include stolen devices (37 percent), malicious insiders (41 percent), social engineering and phishing (44 percent), web-based attacks (64 percent), botnets (76 percent), and malware (94 percent).
Breach recovery takes 45 days on average at a cost of $35,414 per day, with expenses including indirect labor (14 percent), overhead (15 percent), productivity loss (21 percent), cash outlay (22 percent), and direct labor (26 percent).
With 2014 ending on a high note when it comes to data breaches, 2015 will certainly pose new security threats involving sophisticated security tools and software.
What can you do as a company?
While you can’t put an end to data breaches, there are steps you can take to reduce your chances of becoming a victim. Additionally, the measures outlined below will mitigate losses so that, if you are attacked, your data breach recovery costs remain low.
1. Encrypt all data
If the exposed data has been encrypted, data breach notification laws exempt companies from having to issue notifications. Encrypt all company data, including data at rest and data in transit. Not only is encryption considered a safe harbor, it is also expected by regulators and customers.
2. Protect data with cyber intelligence
New threats are emerging on a daily basis, so organizations need to utilize solutions like Massive’s Strixus to protect their digital infrastructure and security. In addition to protecting the perimeter, such solutions secure information outside your ‘castle walls’. And with detailed reports on threats, you can work with your IT department to minimize vulnerabilities.
3. Use a single sign-on solution
These solutions prevent hackers from taking advantage of common password vulnerabilities, such as using the same password for different accounts. A single sign-on solution will redirect employees to the company login page when they access any company application. It works with one login and one password and, as a result, reduces the possibility of a data breach from password hacks.