Cost of data breach skyrockets: What can you do?

19 Aug 2015

Today, security should be a top priority for organisations, with data breaches growing in number and their financial cost growing too.

According to CenturyLink, the average cost of a data breach has nearly doubled in the past five years, from $6.46 million in 2010 to $12.9 million today.

Stuart Mills, CenturyLink regional director ANZ, says, “The costs aren’t just monetary. Organisations must understand the other risks including damage to reputation and leaked intellectual property.

“Customers and users place an enormous amount of trust in the companies with whom they do business. A single breach can damage that trust forever. And, if intellectual property is leaked it could sound the death knell for any organisation.”

He says, “Today, security isn’t just about basic monitoring services. Companies have far more to consider than they once did, particularly because of the rise of new technologies and business-use scenarios, like cloud and BYOD.

“Instead, security is a holistic approach to protection, prevention, and response, and it needs to encompass all aspects of technology.”

CenturyLink has identified what organisations should consider when implementing, updating, and enforcing their security policy:

External threats

The number of external threats is growing, making it imperative organisations maintain constant vigilance through a security policy that is constantly updated and enforced, CenturyLink says.

According to the company, the speed at which threats are increasing is exponential. For instance, there are millions of malware variations that enterprises must defend against, but it’s difficult for signature-based malware detection to keep up.

There are more distributed denial-of-service (DDoS) attacks than ever before, and they vary widely - they can be highly targeted or generic, long in duration or short.

On top of this, they mutate. There’s a new breed of DDoS attacks that use web servers as payload-carrying bots, which makes them even more damaging because of exponential performance increases, CenturyLink says.

Furthermore there are application attacks, often targeted at financial systems, which can bring a company to its knees. What is significantly problematic about this is that most organisations don’t know they have been breached until long after the fact, says CenturyLink.

Internal threats

Employees often leak data because security policies are not enforced, CenturyLink says.

External threats are real and dangerous, but internal threats can be just as common and can be just as damaging.

Internal threats are often inadvertent, stemming from a lack of oversight as well as from disgruntled employees who leak sensitive data right after they’re fired, the company says.

Untrained staff

When it comes to security, one key oversight is lack of training. It’s very important for employees to know what the security policies are, from what devices they can use to what applications they can download, says CenturyLink.

Shadow IT

More organisations are struggling with shadow IT, which is the use of hardware or software that is not supported or authorised by an organisation’s IT department.

Shadow IT can range from developers using various Software-as-a-Service (SaaS) platforms to employees storing corporate data in cloud storage solutions like Dropbox or Google Drive.

These solutions seem innocuous to most people, which is why employees need to receive comprehensive training about what is a security risk and what isn’t, CenturyLink says.

Compliance

If an organisation isn’t compliant, it’s unlikely to be secure. Consider whether the organisation would pass a compliance audit for security and Payment Card Industry (PCI), says CenturyLink.

Complicating matters is the fact that many organisations don’t even know that governmental compliance regulations apply to them, the company says.

The right partners

More organisations are choosing to outsource security operations. However, when it comes to outsourcing security, it’s truly a buyer beware scenario, according to CenturyLink.

The first step is to understand exactly what needs protection including devices, network, applications, and data. Then, an organisation must determine which components of these are being outsourced.

The second step is to choose the right partner or partners for those specific needs. The more vendors are consolidated, the more efficient the strategy will be, CenturyLink says.

While security is expensive, not having the right security measures in place is even more expensive, according to the company.

Part of choosing the right partner comes down to understanding the balance between performance and cost. Choose a vendor who can help make the right decisions around balancing performance, effectiveness and cost, CenturyLink says.

Physical security

Physical security is the protection of people, hardware, programmes, networks and data from any damage that might occur. If an organisation’s physical system isn’t secure, nothing else matters, says CenturyLink.

Yet physical security is one of the most overlooked aspects of a security strategy. The physical management of data centres includes security policies and procedures, security officer staffing, access control systems, video surveillance systems, standards compliance and physical security designs.

Make sure the data centre complies with standards and conduct annual audits, says CenturyLink.
