6/5/2013 12:16 PM

Mistakes Approach Malice As Data Breach Cause

Malicious attacks are the leading cause of data breaches, but employee and contractor errors are a growing reason, study finds.

U.S. businesses that experience a data breach spend about $188 per exposed record in cleanup costs.

That finding comes from the eighth annual Cost of Data Breach report released Wednesday by Ponemon Institute. The report, which was sponsored by Symantec, is based on surveys of 277 businesses across nine countries, and defines an exposed record as "information that identifies the natural person (individual) whose information has been compromised in a data breach."

The study found that each data breach cost U.S. businesses, on average, $5.4 million in 2012, down slightly from $5.5 million in 2011. Germany, second after the U.S. with a total cleanup cost of $4.8 million, actually had the highest per-record cost at $199. Cleanup costs vary widely by country, driven by factors such as breach-notification regulations. The lowest per-record breach costs were reported by businesses in Brazil ($58) and India ($42), with total costs of $1.3 million and $1.1 million, respectively.


Overall, the study found that 37% of breaches stem from malicious attacks, followed by human error or negligence on the part of an employee or contractor (35%), and system glitches (29%). Malicious attacks -- most often malware infections, malicious insiders, phishing attacks, social engineering attacks and SQL injection exploits -- imposed the highest cleanup costs, which include expenses related to detecting and responding to breaches and notifying affected consumers, as well as further cleanup.

While malicious attacks continue to make headlines, employee negligence is a growing concern. "Eight years of research on data breach costs has shown employee behavior to be one of the most pressing issues facing organizations today, up 22% since the first survey," said Larry Ponemon, chairman of the Ponemon Institute, in a statement.

In fact, causes other than malicious attacks were most often to blame in some countries. Although intentional attacks were the leading data breach culprit in Germany, human error was most often to blame in Brazil, while the leading reported cause of breaches at Indian businesses was traced to system glitches or business process failures.

The industries with the highest breach costs were healthcare ($233 per exposed record), financial services ($215), and pharmaceuticals ($207). Both the healthcare and financial services industries reported that the greatest cost associated with a data breach was lost business -- defined as lost customers, the cost of acquiring new customers and loss of brand reputation.

How can businesses keep data breach cleanup costs under control? According to the study, the three proactive measures that most reduce cleanup costs are creating and maintaining a data breach response plan, which lowered per-record cleanup costs by an average of $42 for U.S. businesses; having a strong security posture ($34); and having a chief information security officer ($23).

Issuing data breach notifications to affected customers or consumers remains costly, accounting for 10% of total cleanup costs for U.S. businesses and 7% for German businesses. But the study found that notifying consumers too quickly -- meaning less than 30 days after a breach -- added an average of $37 to a U.S. business's per-record cleanup costs. That's because businesses that rush to disclose a breach before wrapping up the related investigation and forensic analysis often over-estimate its extent.

Other factors that lead to costlier breaches include third parties being responsible for the breach, as well as the breach stemming from lost or stolen devices.

Comments

timsed, User Rank: Apprentice
6/5/2013 | 10:07:48 PM
re: Mistakes Approach Malice As Data Breach Cause
Thanks for the article, Mathew. While I agree that malicious attacks can be costly, employee negligence or mistakes are the most painful. Privileged user access has expanded over the years, and more cooks in the kitchen seemingly means more mistakes. As Product Manager for an operational security and change management toolset at Dell, I talk to people who needed to recover from that inadvertent drag and drop, or mistaken change of a value in infrastructure architecture like Microsoft Active Directory. As IT becomes more interconnected across tools, infrastructure and services, what was once a simple mistake can cost companies millions in lost revenue and productivity.

The approach I recommend to people is to put controls in place that not only track changes, but can prevent dangerous or damaging changes, even for privileged users. Unfortunately, the granularity of infrastructure and management interfaces isn't always what we would like, so you have to find a way to work around it. After all, the problem you prevent is the sweetest time and money you'll ever save!

Thanks again for pointing out the Ponemon Report!

#TimSedlack1

Tim Sedlack
Dell Software, GRC