There is a very good possibility that your company was breached in 2014 since about three out of four organizations suffered a breach last year, according to research by QuinStreet.
No wonder 2014 was dubbed the Year of the Data Breach.
Breaches come with consequences, of course, as the study showed. And eSecurity Planet explained how they affect business:
Those breaches have an impact on the organizations involved, including potential revenue losses. Another financial impact is increased security spending, with 44 percent of respondents to the QuinStreet study indicating that security budgets grew after a breach incident.
Yet, despite the increased budgets, organizations continue to struggle with security practices. A new study by EiQ Networks found that 72 percent of companies don’t see themselves as well-prepared for an (almost inevitable, it seems) data breach. This study also found that, more often than not, security budgets do not include cyber insurance. Help Net Security added that the problem for most companies is that they simply don’t have anything in place for when that breach or other security incident occurs:
Lack of process was a top concern with 62 percent of IT pros noting they have either ‘no process’ or a ‘partial process’ in place to detect and respond to a security incident. Moreover, only 15 percent of companies surveyed believe their employees are ‘well prepared’ to spot the signs of an attack and react accordingly.
These studies mirror one by RSA, which found that at least a third of the participants don’t have any incident response plan in place, and even among those that do have such a plan, more than half haven’t bothered to review or update it. That has me shaking my head, to be honest. One of the few constants on the security landscape is how much the nature of threats changes. Attackers are more sophisticated. Insider threats are becoming more complex, as well. Even the attack point is always changing. I’m not sure how you can know that and not take the time to update your security plan.
In a ComputerWeekly article, Dave Martin, chief trust officer at RSA, may have hit on why organizations are struggling with adopting better security protections and instituting solid security plans:
As business has become increasingly digital, information security has become a key area of operational risk, and while many organisations may feel they have a good handle on their security, it is still rarely tied in to a larger operational risk strategy, which limits their visibility into their actual risk profile.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba.