BreachExchange mailing list archives
Cyber Security Woes Continue To Haunt Companies
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 13 Oct 2014 18:55:31 -0600
http://www.bidnessetc.com/27123-cyber-security-woes-continue-to-haunt-companies/

Sears Holdings Corp’s (SHLD) discount department store chain, Kmart, got its name added to the list of companies molested by hackers this year. The retailer claims to have lost debit and credit card data in a cyber breach that is reported to have started in September. The company is yet to discover the exact extent of the hacking incident.

Breaches in cyber security are costing companies almost twice on average, compared to four years ago. Such incidents, on average, drain away $12.7 million from a victim company, in activities ranging from trade disruptions to informing customers and tightening security. According to Ponemon Institute, the comparable statistic for 2010 was $6.5 million.

The study on hacking events also shows that the number of successful breaches has gone up 144% compared to four years ago. In addition, cyber attacks have become increasingly sophisticated in nature, outpacing developments in defense mechanisms. This means that it now takes more time for companies to detect the malware, and the resultant financial damage is much greater.

PwC’s research reveals that reported incidents of cyber crimes have increased 48% in the past twelve months to 42.8 million – nearly 120,000 per day. The study also shows that the sharp surge in security breaches was accompanied, surprisingly, by declining security budgets. The survey, incorporating 10,000 top officials, reveals that companies are allocating 4%, on average, to their security budgets, compared to 2013 levels.

Retailers, of late, have been under the “cyber security” gun. Just last month, The Home Depot, Inc. (HD) experienced a massive intrusion in which details of 56 million payment cards were compromised. The cyber attack – biggest ever on a retailer – went on for nearly five months before being flagged.

Target Corporation (TGT) was also a major hacking victim. In last year’s holiday season, up to 40 million card accounts were affected. In the wake of the incident, Target reportedly suffered a monetary loss of $148 million, on top of losing its then-CEO, Gregg Steinhafel.

The latest Kmart attack was detected on Thursday, and is currently under investigation with help from security companies and law enforcement agencies. The company released a statement saying: “We sincerely apologize for any inconvenience this may cause our members and customers. We want our members and customers to be aware of the situation and we suggest that customers carefully review and monitor their debit and credit card account statements.”

Kmart President Alasdair James said that the company was targeted with a unique malware which the current antivirus programs failed to detect. Kmart maintains that important customer information like debit card PINs, social security numbers, and email addresses do not appear to have been stolen in the debacle. Online shoppers were also not affected by the attack.

US companies have been gravely affected by cyber crimes, with average monetary downfall of $12.7 million per incident. Germany, Japan, and France follow next, with companies in these countries losing $8.1 million, $6.9 million, and $6.4 million per breach, on average, respectively.

Hacking incidents have encompassed almost all sectors. Companies in financial and energy sectors have suffered the biggest losses. Technology sector follows next; the damage in healthcare, however, has been relatively less.

JPMorgan Chase & Co. (JPM), the largest US bank by assets, suffered a major blow a few days back. The company fell victim to a cyber attack which compromised personal information of 76 million households and 7 million small businesses. Thankfully for the bank, there was no fraudulent activity, as clients’ account numbers and social security numbers were not compromised.

Such a large-scale hacking incident did ring some alarm bells for JPMorgan. The company’s CEO, Jamie Dimon, vowed to enhance the $250 million security expenditure and hire more professionals to prevent a similar incident in the future. Mr. Dimon said: “It’s about firewall protection, it’s about internal protection, it’s about vendor protection, it’s about everything that hooks up into you. There will be a lot of battles. Unfortunately some will be lost.”

The technology sector itself is not safe from these attacks. Apple Inc. (AAPL) saw iCloud accounts of some celebrities being hacked last month. Although the company said its servers were not breached, experts claimed that such incidents could be prevented by providing additional layers of security.

A Ponemon study from earlier this year surveyed 674 IT and security professionals. According to the survey, 57% of the professionals believe that their company would experience a breach within the next twelve months.

Prevention against these attacks will require more investment in security intelligence tools, which will enable the companies to detect potential hackers prior to the incident. It is also important that security departments be taken more seriously by respective organizations, and be assigned strong leaders.