By Laurence Guihard-Joly
Last August hackers stole personal photos of young actress Jennifer Lawrence and other celebrities from their smartphones and posted them online. Several months later, Sony Entertainment was hacked and the group responsible has routinely leaked troves of sensitive information, including everything from email threads to financial and salary details.
A similar intrusion at JPMorgan Chase late last year compromised the records of 76 million households and seven million business clients. The common thread between celebrity photo hacks and digital corporate invasions is that the tools and tactics thieves use to purloin private pics and to steal more lucrative loot are the same, from spreading malware that can damage systems and compromise data to distributing “phishing” emails designed to trick people into sharing passwords and other sensitive info.
But while swiped movie star snaps make for bigger headlines at the supermarket checkout, the danger is much greater from data breaches like the ones at Sony Entertainment and JPMorgan Chase – where the damage can result in lower revenue, lost business, legal exposures and irreparable damage to reputation.
These risks become bigger and guarding against them more difficult as people put their business and personal information “into the cloud” by using mobile devices to purchase consumer goods, monitor health and fitness, pay taxes and manage government benefits, check investment accounts, make bank transfers, and share business correspondence and documents.
For more than a decade, the Ponemon Institute has performed detailed global analyses on the threat and impact of data breaches, and the news this year is not good as hackers and the tools they use become more sophisticated and efficient. Ponemon’s 2015 survey (2015 Cost of Data Breach Study: Global Analysis) of more than 350 companies showed that the cost of such intrusions is now roughly $3.8 million per incident, up 23 percent over the past two years. Average cost per record of sensitive information compromised has risen by 6 percent to $154 over the past year.
The latest Ponemon study highlights three key new findings that illustrate how detecting and preventing such breaches is a rising priority for many companies as the frequency and severity of these intrusions increase:
- Security starts at the top – The focus on data breaches is rising to the top of the business, with senior leaders becoming involved in decisions to increase investments in security and insurance out of concern not only for near-term costs but also long-term impacts on reputation and business prospects. The survey shows for the first time that board-level involvement decreases intrusion costs by $5.5 per compromised record;
- Time is not on your side – For the first time, the survey showed a direct correlation between how quickly an organization detects and stops a breach and the overall cost, with the average time it takes to identify a malicious attack being 256 days. The more time intruders have to poke around in your system, the greater the damage and the more they can steal. Consider that the Sony Entertainment intrusion went on for more than a year before anyone even discovered it;
- Be Prepared – Having a comprehensive security policy means having all the right people involved across the business. For example, the study said early involvement of the Business Continuity Management team in remediation of intrusions can lower the costs of a breach by an average of $7.1 per record. The BCM team focuses daily on the resiliency of IT systems, guarding against a range of threats including natural disasters, civil unrest and, yes, security breaches. If you have to take a server, a database, or a data center down to fix a security breach, it’s the Business Continuity Management team that can keep the business up and running by using the data backup or moving the work to another location.