The real cost of a security breach: 1 to 53 million USD per year
If you had any doubt that security breaches cost companies a lot, it is all clear now – the damages companies have to deal with after one breach are overwhelming! According to recent reports by the Ponemon Institute, organizations get hit by at least one successful attack per week, and the annualized cost to their bottom lines from the attacks ranges from 1 million to 53 million USD per year. The reports were based on the analysis of 45 U.S. organizations hit by data breaches.
The Ponemon Institute released two separate reports, “The First Annual Cost of Cyber Crime Study” (PDF), which was sponsored by ArcSight, and “The Leaking Vault” (PDF), released today by the Digital Forensics Association, both showing troubling findings for companies’ finances.
UK: Information Commissioner’s Office reports that the NHS has disclosed 305 security losses, as the amount of breaches tops 1,000
More than 1,000 data losses for the NHS. This is a new record.
Of these, 307 alone were the result of stolen data or hardware and 233 were due to lost data or hardware.
The Information Commissioner’s Office has warned organisations that they need to minimise the risk of mistakes, as the amount of losses reported tops 1,000.
The ICO claimed that staff need simple procedures on how to handle personal information with appropriate training to ensure the importance of securing it is fully understood. It also said that it is essential that the protection of people’s personal information is part of organisations’ culture and DNA.
An ICO report revealed that 254 breaches were as a result of information being disclosed in error, 307 were as a result of stolen data or hardware and 233 due to lost data or hardware.
A further 83 were due to a technical or procedural failure and 59 were lost in transit. A breakdown of companies revealed 305 incidents were recorded by the NHS, 288 in the private sector and 132 by local government. Only 81 incidents were the result of central government.
David Smith, deputy commissioner at the ICO, said: “We all know that mistakes can happen but, the fact is that human error is behind a high proportion of security breaches that have been reported to us. Extra vigilance is required so that people’s personal information does not end up in the wrong hands.
“Organisations should have clear security and disclosure procedures that staff can understand, properly implement these and ensure that they are being followed by staff. Staff must be adequately trained not just in the value of personal information, but in how to protect it.
“We are keen to work with organisations to prevent breaches happening in the first place and to help ensure that things are put right when they do go wrong.”
Source and full article: SC Magazine
My Endpoint Protector makes its way into Japan
The in-the-cloud data loss prevention and endpoint security solution developed by CoSoSys has just been launched on the Japanese market by their local partner, Uptown Inc. For those new to the Security as a Service world of endpoint security, My Endpoint Protector is the world’s first software as a service application for device control and data loss prevention. It helps companies manage internal and external threats effectively, thus avoiding the overwhelming threats posed by the broad use of portable storage devices without putting unnecessary pressure on IT departments and budgets.
My Endpoint Protector’s main benefits include:
- Proactive protection against data loss, data theft, data leakage and malware infection by controlling the use of portable devices
- Protection for Windows PCs (7 / Vista / XP) and Mac OS X
- Effective device management and control by defining specific usage rights for both devices and employees accessing the network
- Centralized Web-based interface for ease of management and reporting, plus real-time monitoring of devices
Video: Controlling Device use in your office is a must to protect your data
Endpoint Protector for Device Control explained in plain English
You can try it yourself today. Visit www.EndpointProtector.com
Conficker: Worm turns 1 year and is still armed and dangerous
One year after the Conficker botnet was front-page news around the world, it is still controlling approximately 6 million PCs around the world. IT security experts describe it as a loaded gun that can go off at any time if it is not stopped.
The Conficker worm has spread within and across networks on portable storage devices and continues to do so on unprotected PCs.
Now the U.S. Department of Homeland Security is preparing a report looking at the worldwide effort to keep it in check.
“We said, ‘This was a very good example of the private sector, globally, working together to try to solve a cybersecurity attack, so let’s fund the creation of a lessons-learned report to just document what worked, what didn’t work,’” said Douglas Maughan, a program manager with the Department of Homeland Security’s Science & Technology Directorate.
The report could provide a template for future cyber-responses, security experts say.
Conficker began spreading in November 2008, infecting computers via a variety of means, including an attack exploiting a known flaw in Microsoft Windows.
Though it is still thought to control between 4 million and 7 million computers, Conficker was only briefly put to use, in April 2009. It’s as if the massive amount of scrutiny it generated eventually frightened away its creators — a good thing, since it controls enough computers to create a withering distributed denial-of-service attack.
Full Story on Computerworld


