8 Things to Learn from a Data Breach Study (Part 2)

Posted by Stefanie Kober Tue, 12 Aug 2014 12:42:00 GMT



In our previous post on IT security, we discussed four key findings from a data breach study conducted by Ponemon Institute. In this article, we will further discuss these four key findings and outline preventative measures to avoid security breaches.

Key Findings (Continued)

5.    Cybercrime Costs Differ by Company Size, but Smaller Organizations Sustain a Significantly Higher Cost than Larger Organizations

While everyone is vulnerable to cyber-attacks, smaller organizations are more at risk. A common cyber-attack is the theft of sensitive data, and for a small organization, the loss of project files or customer databases can put them out of business.

Smaller companies (employees<20) should implement a VPN for secure connectivity anytime, anywhere. Due to their ease of use and versatility, SSL VPNs are well-suited for small companies allowing users to only access specific applications and services, and providing access to Web applications, Windows Terminal Servers and their applications or internal network connections.

6.    Information Theft, Followed by the Costs Associated with Business Disruption, Represent the Highest External Costs


Annually, information loss and business disruption (or lost productivity) account for 43% and 36% of external costs, respectively. (In the context of this study, an external cost is one that is created by external factors, including fines, marketability of stolen intellectual properties and litigation)

Setting up strong network security is therefore crucial. Increasingly, more organizations are adopting SSL VPNs, which ensure a secure network connection through the use of encryption, single-sign on options, and firewalls.

In order to minimize costs associated with business disruption, it is imperative that all organizations have a contingency plan in place that outlines how to contain and recover from a substantial security breach. The IT staff must quickly solve the issue, hopefully restoring data from backup files, and returning systems to service without any significant downtime. Nonetheless, any downtime can be disastrous in the case of mission critical systems. 

7.    Recovery and Detection are the Most Costly Internal Activities


Combined, recovery and detection account for 49% of the total internal activity cost per year; cash outlays and labor account for most of these costs. This highlights the importance of back-ups. A data-backup policy is especially important if the organization has several laptops or other mobile devices that can be lost or stolen. To avoid data theft from loss or stolen mobile devices, no data should be downloaded to the device, but rather all data is completely and securely located in the central corporate network.   

8.    A Strong Security Policy Minimizes the Cost of Cyber Attacks


As expected, businesses that invest in a strong security policy and system are better off than their counterparts. This stresses the importance of a strong security policy, which provides the plan for the overall security program adopted by the organization.

Conclusion

As cybercriminals have become more sophisticated in their tactics, fighting cybercrime has become increasingly challenging for organizations worldwide. Although sustaining an organization’s security posture or compliance with standards, policies and regulations also comes at a cost, the benefits of strong security measures outweigh the plausible costs incurred by cyber-attacks.

Author: Hazel Farrugia

no comments |

You must be registered in order to write comments. To register as a new user click here.

If you're already registered, please leave a comment here

Leave a comment