The tenth annual 2015 Cost of Data Breach Study, conducted by Ponemon Institute and sponsored by IBM, reports that the average cost for each lost or stolen record with sensitive or confidential information as grown from $201 to $217, and the average cost paid by companies located in the U.S. has gone from $5.9 million to $6.5 million. That is an 11% increase in the total cost of data breach, and there has been an 8% increase in the cost per lost or stolen record. 49% of data breach incidents are malicious or criminal attacks, 19% caused by negligent employees, and 32% result from glitches.
The 2015 Internet Security Threat Report by Symantec informs that in 2014 there were 23% more data breaches compared to the previous year, calling it the Year of the Mega Breach. Ransomware attacks grew 113% last year, with more than a 4,000% increase in crypto-ransomware attacks. Grayware apps (designed to track user behavior) accounted for 36% of all mobile apps, and Malware in disguise accounted for 17% of all Android apps (nearly one million total). The Internet hubs, switches, and routers and the emerging IoT device space are constantly under attack. By the spring of last year, Symantec had identified 31,716 devices that were infected with malware. At least the email phishing rate has gone down to 1 in 965 emails last year as compared to 1 in 392 the year prior.
While cybercrime is often directed at enterprises target payment and identity theft, stealing of commercial and military secrets, and other malicious and criminal activities, a lot of the attacks do not come from any hacking. “I think that folks don’t understand that attacks occur thousands of times an hour,” stated Rick Orloff EBay’s Security Chief in a Q&A with The Associated Press. “They can be email attacks, they can be phishing attacks.” Orloff went on to say that a lot of folks don’t understand that one of the most successful attacks is through social engineering and phishing, i.e. end-user behavior, and advises that people should be very cautious about what they do with their email.
As IT systems evolve and grow more complex every day, so do security needs. With sensitive information everywhere from cloud and big data environments, to countless devices via the Internet of Things protection and response becomes more and more critical. Some of the companies taking on this challenge include Voltage whose proven data-centric encryption and tokenization technology in conjunction with HP’s information security and encryption business helps companies protect their client’s most sensitive information whether it lives in the cloud, across mobile platforms, in big data environments, or within legacy computer systems for critical regulatory compliance.
Managing so many distributed data sites and the devices used to connect is a job of monstrous proportions. Introducing Celestix Networks who provides network security solutions that enable the simple deployment of secure remote access connectivity across the cloud and distributed offices. Leveraging significant experience in the remote access and authentication markets, the company is extending its portfolio into the Cloud managed appliance security market.
There’s an app for that, and it has made mobile the cornerstone of the global economy. 127 billion apps were downloaded for free in 2014, and over 11 billion paid apps, and there’s growth projected. According to Arxan’s State of Mobile App Security report, 97% of top paid android apps and 87% of top paid iOS apps have been hacked; and 80% of the most popular free Android apps have been hacked, along with 75% of the most popular free iOS apps. Arxan’s harnesses military grade software security technology to support commercial customers worldwide with a full range of application protection needs to protect the App Economy. The proven security products and solutions have become an industry standard selected by global leaders in software publishing, financial services and enterprises to digital media and gaming providers and critical infrastructure providers.
A leader in anti-spam technology providing high performance messaging security solutions to the world’s largest ISPs, mobile and social networks, Cloudmark’s Security Platform for DNS delivers advanced protection for the Domain Name System, allowing service providers and enterprises to quickly identify and block many DNS-borne threats that cause data breaches, malware infestations and network outages. And the new version of Cloudmark Security Platform for Email offers key enhancements for flexible deployment, simplified policy management, increased message-delivery control and optimized message-handling performance.