BreachExchange mailing list archives

Cyber Security Woes Continue To Haunt Companies


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 13 Oct 2014 18:55:31 -0600

http://www.bidnessetc.com/27123-cyber-security-woes-continue-to-haunt-companies/

Sears Holdings Corp’s (SHLD) discount department store chain, Kmart, has
been added to the list of companies hit by hackers this year. The
retailer claims to have lost debit and credit card data in a cyber breach
that is reported to have started in September. The company has yet to
discover the exact extent of the hacking incident.

Breaches in cyber security are costing companies almost twice as much, on
average, as four years ago. Such incidents, on average, drain away $12.7
million from a victim company, in activities ranging from trade disruptions
to informing customers and tightening security. According to Ponemon
Institute, the comparable statistic for 2010 was $6.5 million.

The study on hacking events also shows that the number of successful
breaches has gone up 144% compared to four years ago. In addition, cyber
attacks have become increasingly sophisticated in nature, outpacing
developments in defense mechanisms. This means that it now takes more time
for companies to detect the malware, and the resultant financial damage is
much greater.

PwC’s research reveals that reported incidents of cyber crimes have
increased 48% in the past twelve months to 42.8 million – nearly 120,000
per day. The study also shows that the sharp surge in security breaches was
accompanied, surprisingly, by declining security budgets. The survey,
incorporating 10,000 top officials, reveals that companies are allocating
4%, on average, to their security budgets, compared to 2013 levels.

Retailers, of late, have been under the “cyber security” gun. Just last
month, The Home Depot, Inc. (HD) experienced a massive intrusion in which
details of 56 million payment cards were compromised. The cyber attack –
the biggest ever on a retailer – went on for nearly five months before being
flagged.

Target Corporation (TGT) was also a major hacking victim. In last year’s
holiday season, up to 40 million card accounts were affected. In the wake
of the incident, Target reportedly suffered a monetary loss of $148
million, on top of losing its then-CEO, Gregg Steinhafel.

The latest Kmart attack was detected on Thursday, and is currently under
investigation with help from security companies and law enforcement
agencies. The company released a statement saying: “We sincerely apologize
for any inconvenience this may cause our members and customers. We want our
members and customers to be aware of the situation and we suggest that
customers carefully review and monitor their debit and credit card account
statements.”

Kmart President Alasdair James said that the company was targeted with a
unique malware which the current antivirus programs failed to detect. Kmart
maintains that important customer information like debit card PINs, social
security numbers, and email addresses do not appear to have been stolen in
the debacle. Online shoppers were also not affected by the attack.

US companies have been gravely affected by cyber crimes, with an average
monetary loss of $12.7 million per incident. Germany, Japan, and France
follow next, with companies in these countries losing $8.1 million, $6.9
million, and $6.4 million per breach, on average, respectively.

Hacking incidents have encompassed almost all sectors. Companies in the
financial and energy sectors have suffered the biggest losses. The technology
sector follows next; the damage in healthcare, however, has been relatively
smaller.

JPMorgan Chase & Co. (JPM), the largest US bank by assets, suffered a major
blow a few days back. The company fell victim to a cyber attack which
compromised personal information of 76 million households and 7 million
small businesses. Thankfully for the bank, there was no fraudulent
activity, as clients’ account numbers and social security numbers were not
compromised.

Such a large-scale hacking incident did ring some alarm bells for JPMorgan.
The company’s CEO, Jamie Dimon, vowed to enhance the $250 million security
expenditure and hire more professionals to prevent a similar incident in
the future.

Mr. Dimon said: “It’s about firewall protection, it’s about internal
protection, it’s about vendor protection, it’s about everything that hooks
up into you. There will be a lot of battles. Unfortunately some will be
lost.”

The technology sector itself is not safe from these attacks. Apple Inc.
(AAPL) saw iCloud accounts of some celebrities being hacked last month.
Although the company said its servers were not breached, experts claimed
that such incidents could be prevented by providing additional layers of
security.

A Ponemon study from earlier this year surveyed 674 IT and security
professionals. According to the survey, 57% of the professionals believe
that their company would experience a breach within the next twelve months.
Prevention against these attacks will require more investment in security
intelligence tools, which will enable the companies to detect potential
hackers prior to the incident. It is also important that security
departments be taken more seriously by respective organizations, and be
assigned strong leaders.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
