BreachExchange mailing list archives

Re: [Dataloss] Nine out of 10 businesses breached in the last year


From: Luther Martin <martin () voltage com>
Date: Thu, 23 Jun 2011 13:18:45 -0700

Reading the actual report that this article is based on, it looks like it's really 9 out of 10 businesses suffered a 
*security* breach, not a *data* breach. Getting hit by a computer virus counts as a security breach, for example, and 
since this report says that only 79 percent of people who responded to the survey actually use an AV product, that 
actually seems like a good explanation for lots of the breaches. 

________________________________________
From: dataloss-bounces () datalossdb org [dataloss-bounces () datalossdb org] On Behalf Of Jake Kouns [jkouns () opensecurityfoundation org]
Sent: Wednesday, June 22, 2011 11:47 PM
To: dataloss () datalossdb org; dataloss-discuss () datalossdb org
Subject: [Dataloss] Nine out of 10 businesses breached in the last year

http://www.scmagazineus.com/nine-out-of-10-businesses-breached-in-the-last-year/article/205888/

Ninety percent of organizations have sustained at least one data
breach in the past year, according to a survey released Wednesday by
the Ponemon Institute and Juniper Networks.

Even worse, the survey of 583 U.S. IT and IT security practitioners
found that a majority of organizations have experienced multiple
successful attacks against their networks.

Fifty-nine percent of respondents said their networks have been
compromised at least two times in the past year. Just 10 percent said
they have had no breaches.

Seventy-eight percent of those surveyed said there has been an
increase in the frequency of attacks in the past year. Moreover, most
respondents said attacks have become more severe and difficult to
detect and contain.

“We are seeing an uptick in hacking for profit and hacking for
activism,” Johnnie Konstantas, director of marketing of cloud security
at Juniper Networks, told SCMagazineUS.com on Wednesday.

Breaches most often occurred at off-site locations housing mobile
workers, partners or other third-parties, the survey found. While
respondents mostly were sure of where the data loss occurred, 40
percent could not pinpoint the actual source of the attacks that led
to the breaches.

“These threats are complex,” Konstantas said. “Often times there might
be multiple sources of the attack. Some attacks aim to find one hole,
burrow in and use that as a launch pad to get where the real data is.”

When they were able to determine a source, respondents found that
attacks most often came from external agents. But insider abuse also
is rampant, the survey found.

Fifty-two percent of breaches were caused by insiders, while 48
percent were the result of a malicious software download, 43 percent
came from malware on a website and 29 percent from malware on social
media. System glitches were responsible for 19 percent of breaches,
while malware from text messages caused three percent.

Respondents were allowed to check multiple vectors.

Looking forward, more than a third of respondents are not confident
their organization's IT infrastructure can avert future breaches,
according to the survey.

Insufficient budgets are a challenge for many organizations, according
to the survey. A majority of respondents said 10 percent or less of
their IT budget is dedicated to security.

Beside their lack of resources, respondents said the complexity of
improving network security and lack of employee awareness posed major
challenges.

“A new approach, a more pervasive approach to cybersecurity is
needed,” Konstantas said. “One that goes beyond the perimeter and
addresses all the network devices, systems and applications that are
within.”

If possible, organizations should architect their networks with
security in mind from inception, she said. Those with already mature
networks should assess whether security is pervasive throughout.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list


