Attacks/Breaches
3/19/2014
01:06 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Many Businesses Fail To Disclose Data Breaches

Only about 35% of businesses worldwide say they share attack and threat information with others in their industry, even though 77% admit to suffering from a cyberattack.

There are likely many more breached retailers than Target, Neiman Marcus, Michaels, and Sally Beauty either unaware that they have been hit or not yet ready to go public. There also are many data breaches, even at retailers, that may never see the light of day: As a matter of fact, some 57% of organizations worldwide say they do not voluntarily report hacks that aren't bound by disclosure laws.

So says a new report published Tuesday by Arbor Networks and The Economist Intelligence Unit, which surveyed some 360 C-level or board-level business executives around the globe on their incident-response posture. Some 77% of the respondents say their firms had been hit with a cyberattack in the past two years, but only about 35% say they share attack and threat information with other organizations in their industry, 32% say they do not share such intelligence, and 27% did not say one way or the other.

"Only a third of companies are willing to share information about incidents with other organizations ... But these days, the only way to defend is sharing," says Dan Holden, director of Arbor's ASERT.

Threat and attack intelligence-sharing is widely considered crucial to fight the bad guys and to give organizations information to prepare or defend against attack campaigns.

Read the rest of this story on Dark Reading.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Stratustician
50%
50%
Stratustician,
User Rank: Moderator
3/22/2014 | 12:03:57 PM
Re: No doubt.
The problem is that there is such a stigma attached with being breached (rightfully so), that unless they are mandated by the government or law enforcement, organizations have zero incentive to notify customers that there has been an incident. It's about balancing corporate image and brand and the safety of their customers.  Many organizations feel that it's better to keep these incidents under wraps unless they are forced to admit there was an incident for fear of brand damage and customer fallout.  On the other side, as a consumer, I have to accept that these things happen. Ofcourse no one wants to be involved in these incidents from a liability side, and I am reminded every time I have to change a password or a PIN due to an incident, but the reality is that I'm a lot less critical of a company if they proactively tell me they had an incident, as opposed to those who hide it.  These things sadly happen, and the reality is that these attacks are so sophisticated it's almost impossible to protect against (ofcourse there are exceptions to this, many breaches are caused by bad security practices too), but I think companies underestimate consumers if they think hiding an incident is a better choice than proactively telling their customers "sorry, we screwed up, but at least we're being honest".

Customers will forgive and forget if they feel they were respected.  
pfretty
50%
50%
pfretty,
User Rank: Apprentice
3/21/2014 | 11:47:55 AM
No doubt.
Cyber crime is increasing in volume -- up twenty percent in 2013 according to the HP Ponemon Cost of Cyber Crime Report (http://www.hpenterprisesecurity.com/ponemon-study-2013). At the same time the cost of attacks is up 30 percent as well. This should be a spotlight on the importance of having more intelligence based strategies in effect. 

Peter Fretty, j.mp/pfrettyhp
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.