Vulnerabilities / Threats

02:30 PM
Marc Wilczek
Marc Wilczek
Connect Directly
E-Mail vvv

Data Breach Threats Bigger Than Ever

A quarter of IT and security leaders expect a major data breach in the next year.

In its 2018 Strategic Security Survey (registration required), Dark Reading polled some 300 IT and security leaders and found that more organizations, not fewer, expect to face data breaches in the coming year compared with the previous year's survey. Moreover, the companies believe they're not fully ready to protect their data against intruders.

A large proportion of respondents expect that staffers with privileged access might be the source of a breach, but they're also wary of attackers from outside mounting one of many sophisticated new attacks. A growing attack surface, distributed denial-of-service extortion, targeted attacks, and ransomware are contributing to the unease that many organizations sense. But concerns about overstaffing and budgets seem to have abated compared to the level of worry expressed in 2017. Almost one in five (19%) respondents said they believe their companies are more vulnerable to data breaches than a year ago, a somewhat higher number than the 17% who felt that way last year. The proportion of respondents who believe their company's data-breach exposure hasn't changed has dropped. In Dark Reading's 2017 survey, 55% of respondents said their vulnerability to data breaches had remained stable over the past 12 months; this year, only 48% made that claim.

These results are worrying. The money poured into cybersecurity has skyrocketed in recent years, yet most companies feel that investment hasn't translated into the ironclad security they need.

Cybercrime and Targeted Attacks on the Rise
Sixty-one percent of respondents said that the most likely reason for a major data breach next year would be a negligent end user or an employee breaking the company's Internet-use policy. This gloomy prediction is probably attributable to the hugely disruptive successes that hackers have racked up by targeting corporate end users and executives.

That said, just over half of the survey respondents said cybercriminals are the biggest threat to their security. Twenty-six percent of IT departments expect a serious breach next year stemming from a targeted attack, and 21% have already experienced one, up from 17% who reported having one in last year's survey. Another reason why targeted threats are a growing problem is simply that more people are aware of them. In the last few years, Western intelligence agencies have uncovered state-sponsored attackers — especially from Russia, China, and North Korea — who are launching laser-targeted assaults on companies with critical infrastructure.

The Cost of an Average Breach: $3.62 million
Last year, the Ponemon Institute estimated the average global cost of a data breach was $3.62 million, or about $141 per record. Costs in the US are nearly twice that. Cyberattacks of any kind can have brutal financial ramifications: 17% of respondents lost between $100,000 and $999,999, 9% lost between $1 million and $4.9 million, and 2% lost more than $5 million.

One might think that with so much money at stake, top executives would be spending more time learning how to make their companies more secure. Some of them are: 25% of the IT and security pros in the Dark Reading survey are satisfied that their corner-office teams are sufficiently security-savvy. But 39% say their top managers understand the business risks of data breaches but aren't sure how to quantify them. Both numbers are lower than the 29% and 45% reported last year. A quarter of respondents said their top managers don't really get how breaches might disrupt or even destroy the business, compared with 18% who reported a similar lack of comprehension last year. The numbers suggest that top managers are getting worse, not better, at grasping the potential consequences of data breaches.

App Security Emerges as Weakest Link in the Value Chain
Yet another cyber vulnerability is rooted in applications. Forty-two percent of the survey respondents say bugs in programs are their biggest data security threat, a percentage  in line with the 41% reported in the 2017 survey. These security concerns are familiar: Countless security studies and reports in the past few years have shined a spotlight on the high prevalence of vulnerabilities such as SQL injection and cross-site scripting. More recently, these issues have grown worse because of the rising popularity of software development models such as DevOps and agile, which tend to prioritize speed of development and delivery over security. Experts in the latter sphere also worry about the frequent use of open source code in today's software because some of it may undergo insufficient security testing.

Once again, malware and phishing were cited as the top two online problems. While 52% of respondents said they had suffered a malware-related breach, 48% said they'd been phishing targets. Ransomware was the third most-cited reason for a security breach in 2017, but the proportion of respondents (16%) that said they'd been victims of a ransomware attack was down substantially from previous surveys.

Evidently, data breach concerns are higher than ever —although more people are aware of breaches and are spending more money on cybersecurity solutions to prevent them. The growing number of highly sophisticated threats and targeted attacks is not only wreaking financial damage but also leaving many organizations wondering whether they're capable of doing enough to protect their data. Compared with last year, more organizations expect to suffer a major breach in the next 12 months, and most feel that breach will stem from an employee's careless actions rather than an outside attacker. Perhaps most troubling, top management seems to be less security-savvy than last year. It's clear that many organizations will run into some major potholes on the Internet highway in the coming year.

Related Content:


Black Hat Europe returns to London Dec. 3-6, 2018, with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the conference and to register.

Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ... View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
2019 Attacker Playbook
Ericka Chickowski, Contributing Writer, Dark Reading,  12/14/2018
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
[Sponsored Content] The State of Encryption and How to Improve It
[Sponsored Content] The State of Encryption and How to Improve It
Encryption and access controls are considered to be the ultimate safeguards to ensure the security and confidentiality of data, which is why they're mandated in so many compliance and regulatory standards. While the cybersecurity market boasts a wide variety of encryption technologies, many data breaches reveal that sensitive and personal data has often been left unencrypted and, therefore, vulnerable.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2018-12-18
In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information.
PUBLISHED: 2018-12-18
DriverAgent 2.2015.7.14, which includes DrvAgent64.sys, allows a user to send an IOCTL (0x800020F4) with a buffer containing user defined content. The driver's subroutine will execute a wrmsr instruction with the user's buffer for partial input.
PUBLISHED: 2018-12-18
IBM Event Streams 2018.3.0 could allow a remote attacker to submit an API request with a fake Host request header. An attacker, who has already gained authorised access via the CLI, could exploit this vulnerability to spoof the request header. IBM X-Force ID: 150507.
PUBLISHED: 2018-12-18
An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud SDK. The configuration of the HTTP client does not enforce a secure connection by default, resulting in a failure to validate TLS certificates. An attacker could impersonate a remote BrightCloud server to...
PUBLISHED: 2018-12-18
There is a stack-based buffer over-read in the jsfNameFromString function of jsflash.c in Espruino 2V00, leading to a denial of service or possibly unspecified other impact via a crafted js file.