
Guess how many times a week your company is hacked?

Most organizations are actually pretty easy targets for attackers. I’ve always wondered, though, about the particular companies that have massive invasions: what is the reason the hackers targeted them? Supposedly a credit card number can get you $1.00 on the black market. I assume if you have stolen, say, 2 million, that’s quite a chunk of change. The more personal information you can steal, the higher the price.

In every survey, what are organizations concerned about? Security. How many are proactively doing anything about it, or have they evaluated the risk and decided it is of low value? The recent IBM/Ponemon survey, ‘IBM 2015 Cost of Data Breach Study’, indicates attacks are going up alarmingly and so is the price tag.

In another recent article, ‘Coviello tackles cloud privacy, government’s key escrow plan’, I found one particular series of statistics very interesting and sobering. Acuity Solutions President Kris Lovejoy painted a gloomy picture of cloud data privacy. This is, by the way, an excellent article.

According to Ms. Lovejoy, “An average organization of 15,000 would look at approximately 1.7 million security events per week. Of those 1.7 million security events, 324 of those events were security attacks. Those security attacks were deliberate attacks carried out by motivated attackers,” she said. “For those attacks, 2.1 of those 324 attacks would result in a compromise. So 2.1 times a week a bad guy was getting into the organization.”

Kind of frightening, isn’t it?


Time to Tighten Your Belts – Would you rather be safe or sorry?

According to Osterman Research, 95% of business users primarily communicate via email. Of emails sent, 98% were sent with attachments. Secure? Highly doubtful. Mobile devices and BYOD have unlocked a hornet’s nest and put the security of confidential information at risk. In the BYOD world, who owns the content, the owner of the device or the organization? Does the organization have the right to access the device to identify confidential information? Current court cases will decide the outcome.

Complicating security issues, social media has entered the business world. Accepted in a court of law, the organization is responsible for tweets, social postings, Facebook, and instant messaging, even if it is an end user’s personal account. Security breaches should be an organizational priority. Did you know that most breaches are caused internally, either through negligence or deliberately? And the security holes only grow deeper into sinkholes with no escape.

Oddly enough, C-level folks state unequivocally that they are concerned with cloud security. Rightly so. On the other side of the coin, they tend not to do a lot about it. Some have the attitude that a couple of million dollars to remedy the situation is pocket change as opposed to being prepared for the worst. It isn’t only the money; for better or for worse, the impact on the brand and the attitude of customers can be worth much more than remediation. It takes years to build a brand, and depending on the data exposure, it can be destroyed.

Organizations have made their perimeter a fortress, but most exposures are internal. Spending time documenting the security holes within the organization may influence those with lax rules to tighten their belts on security processes and access, and to define what is and what is not confidential.
