2014 Mega breaches: 5 key takeaways

This is the first in a series of blog posts concerning IT security and trends for 2015.

A new study by the Ponemon Institute outlines how the mega security breaches of 2014 are changing attitudes towards IT security.

The breaches affected the personal records and credit card information of more than 350 million people. The financial toll is estimated to be billions of dollars in cleanup expenses, fraud response costs, lost market valuation, reputation damage, lawsuits, and related expenses. IT managers face mega challenges as they try to protect data containing credit card information, financial transactions, and other personal information.

In this January 2015 study, 735 IT security practitioners were surveyed about the impact of the mega breaches on their budgets and compliance practices. Here are five key takeaways from the results.

1. More resources are allocated to preventing, detecting, and resolving data breaches.
61% of respondents say their budget for security increased by an average of 34%. 65% of respondents say the increased budget enabled investment in security technology to prevent and/or detect breaches.

The top five technology investments are:

  1. Security Incident & Event Management (SIEM) (50%).
  2. Endpoint security (48%).
  3. Intrusion detection and prevention (44%).
  4. Encryption and tokenization (38%).*
  5. Web application firewalls (37%).

Source: Ponemon Institute

2. Senior management's level of concern about cyber defense has risen dramatically, to 7.8 out of ten.
Before the Target breach, the level was 5.7. In addition, 55% of respondents rate senior management’s concern as extremely high. Prior to the Target breach, only 13% of respondents believed senior management was extremely concerned. Overall concern among C-level executives was up by about 37%.


Source: Ponemon Institute


3. Senior management realizes the need for a stronger cyber defense posture.
The majority of respondents (72%) reported that after the breaches, their companies provided tools and personnel to contain and minimize breaches. 67% say their organization made sure IT had the budget necessary to defend against breaches.

4. Companies have changed their operations and compliance processes.
60% of respondents say they made changes to operations and compliance processes to improve their ability to prevent and detect breaches.

5. Many companies fail to prevent the breach with the technology they currently have.
65% of respondents say that attacks evaded existing preventive security controls. 46% say the breach was discovered by accident.

*If you are considering solutions that ensure PCI compliance, the Black Box EncrypTight™ system provides multi-site WAN encryption at speeds up to 10-Gbps and across Layers 2-4. It also eliminates the hassles of creating and managing numerous VPN tunnels.
