
Alarming Number of Companies Don’t Disclose Data Breaches


Which situation do you think is worse: Your company getting a public relations and/or consumer confidence hit because you revealed that your network was breached or not disclosing the breach at all?

Based on a recent ThreatTrack report, a lot of employers out there think the PR situation must be the worse scenario. The survey, conducted by Opinion Matters, includes feedback from 200 security professionals dealing with malware analysis within U.S. enterprises. It found that nearly 6 in 10 malware analysts have investigated or addressed a data breach that was never disclosed by their company.

In addition to showing that companies are not being totally open with their customers, the ThreatTrack report shows that the data breach problem is a lot worse than any of us thought. According to Verizon’s 2013 Data Breach Investigations Report, there were 621 confirmed data breaches last year. But if nearly 60 percent of malware analysts say the breaches they investigated internally were never reported, it is a good bet that 621 breaches is a low number. A very low number.

It also seems like the larger the company, the less apt the company is to report a data breach. As eSecurity Planet pointed out, “at companies with more than 500 employees, 66 percent of respondents said they had handled undisclosed data breaches.”

ThreatTrack CEO Julian Waits, Sr. said in a statement:

While it is discouraging that so many malware analysts are aware of data breaches that enterprises have not disclosed, it is no surprise that the breaches are occurring. Every day, malware becomes more sophisticated, and U.S. enterprises are constantly targeted for cyber espionage campaigns from overseas competitors and foreign governments. This study reveals that malware analysts are acutely aware of the threats they face.

However, companies of all sizes aren’t doing themselves or anyone else any favors by not reporting when breaches do happen or not revealing how a malware attack affects business networks and operations. Security is a cooperative venture. The best way to combat attacks is to share information. When company A discovers a new strain of malware and shares information about it, company B’s security software is upgraded to catch it. Not revealing the breaches and malware attacks not only hurts IT security efforts, it is also dishonest to everyone the company serves.
