Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Mistakes Approach Malice As Data Breach Cause

Malicious attacks are the leading cause of data breaches, but employee and contractor errors are a growing reason, study finds.

The Syrian Electronic Army: 9 Things We Know
(click image for larger view)
The Syrian Electronic Army: 9 Things We Know
U.S. businesses that experience a data breach spend about $188 per exposed record in cleanup costs.

That finding comes from the eighth annual Cost of Data Breach report released Wednesday by Ponemon Institute. The report, which was sponsored by Symantec, is based on surveys of 277 businesses across nine countries, and defines an exposed record as "information that identifies the natural person (individual) whose information has been compromised in a data breach."

The study found that each data breach cost U.S. businesses, on average, $5.4 million in 2012, down slightly from $5.5 million in 2011. But Germany, second after the U.S. with a total cleanup cost of $4.8 million, actually had the highest per-record cost of $199. Cleanup costs vary widely based on country due to various factors, such as regulations. The lowest per-record breach costs were reported by businesses in Brazil ($58) and India ($42), with total costs of $1.3 million and $1.1 million, respectively.

[ Yahoo is the latest major company to suffer data theft embarrassment. Read Yahoo Japan Data Breach: 22M Accounts Exposed. ]

Overall, the study found that 37% of breaches stem from malicious attacks, followed by human error or negligence on the part of an employee or contractor (35%), and system glitches (29%). Malicious attacks -- most often malware infections, malicious insiders, phishing attacks, social engineering attacks and SQL injection exploits -- imposed the highest cleanup costs, which include expenses related to detecting and responding to breaches and notifying affected consumers, as well as further cleanup.

While malicious attacks continue to make headlines, employee negligence is a growing concern. "Eight years of research on data breach costs has shown employee behavior to be one of the most pressing issues facing organizations today, up 22% since the first survey," said Larry Ponemon, chairman of the Ponemon Institute, in a statement.

In fact, causes other than malicious attacks were most often to blame in some countries. Although intentional attacks were the leading data breach culprit in Germany, human error was most often to blame in Brazil, while the leading reported cause of breaches at Indian businesses was traced to system glitches or business process failures.

The industries with the highest breach costs were healthcare ($233 per exposed record), financial services ($215), and pharmaceuticals ($207). Both the healthcare and financial services industries reported that the greatest cost associated with a data breach was lost business -- defined as lost customers, the cost of acquiring new customers and loss of brand reputation.

How can businesses keep data breach cleanup costs under control? According to the study, the top three proactive ways to minimize cleanup costs are to create and maintain a data breach response plan, which reduced per-record cleanup costs by an average of $42 per record for U.S. businesses, followed by having a strong security posture ($34) as well as a chief information security officer ($23).

Issuing data breach notifications to affected customers or consumers remains costly, accounting for 10% of total cleanup costs for U.S. businesses and 7% for German businesses. But the study found that notifying consumers too quickly -- meaning, less than 30 days after a breach -- added an average of $37 to a U.S. business's per-record cleanup costs. That's because by rushing to disclose breaches before wrapping related investigations and forensic analysis, businesses often over-estimate the extent of a breach.

Other factors that lead to costlier breaches include third parties being responsible for the breach, as well as the breach stemming from lost or stolen devices.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
timsed
50%
50%
timsed,
User Rank: Apprentice
6/5/2013 | 10:07:48 PM
re: Mistakes Approach Malice As Data Breach Cause
Thanks for the article Mathew - While I agree that malicious attacks can be costly, employee negligence or mistakes are the most painful. Privileged user access has expanded over the years and more cooks in the kitchen seemingly means more mistakes. As Product Manager for an operational security and change management toolset at Dell, I talk to people who needed to recover from that inadvertent drag and drop, or mistaken change of a value in infrastructure architecture like Microsoft Active Directory. As IT becomes more interconnected across tools, infrastructure and services, what was once a simple mistake can cost companies millions in lost revenue and productivity.

The approach I recommend to people is to put controls in place that not only track changes, but can prevent dangerous or damaging changes - even for privileged users. Unfortunately granularity of infrastructure and management interfaces isn't always what we would like - so you have to find a way to work around it. After all, the problem you prevent is the sweetest time and money you'll ever save!

Thanks again for pointing out the Ponemon Report!

#TimSedlack1

Tim Sedlack
Dell Software, GRC
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15208
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can ...
CVE-2020-15209
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one....
CVE-2020-15210
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and ...
CVE-2020-15211
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices f...
CVE-2020-15212
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `outpu...