Breach Force: Monster Breaches, Honey Pots, Deception Tech + Data Handling Gets a Wake-Up
In this episode of "Breach Force", we put a dollar amount on the cost of "Monster Breaches", hear about sophisticated methods to identify attackers and see how important advanced analytics are shaping today's technology landscape.
In our top story, massive companies with seemingly endless resources are falling victim to external attacks. That means companies of all sizes must remain vigilant in their cybersecurity efforts, right?
At least that is the thrust of a new research conducted by cybersecurity experts at Bitglass. They researched the three largest data breaches of publicly traded companies from each of the last three years in order to uncover cybersecurity trends and demonstrate the extensive damage that can be done by improper security.
Among the incidents detailed in the report are the Marriott breach of 2018, the Equifax breach of 2017 and the Yahoo! breach of 2016.
"The largest breaches over the past three years have caused massive and irreparable damage to large enterprises and their stakeholders around the globe," said Rich Campagna, CMO of Bitglass. "This should serve as a stark warning to organizations everywhere."
Check out a new episode of "Breach Force" on YouTube (https://youtu.be/
"Kings of the Monster Breaches" explored the causes, repercussions and company responses for each of these preeminent breaches.
The key findings were:
• The mean number of individuals directly affected by each breach was 257 million.
• To date, these breaches have cost their companies an average of $347 million in legal fees, penalties, remediation costs and other expenses.
• The average post-breach market cap decrease was $742 million (this excludes the outlier Facebook breach which lost $43 billion in market cap).
• It took an average of 46 days for the companies' stock prices to return to their pre-breach levels – Equifax's stock price still has yet to recover.
How far will companies go to identify attackers? Pretty darn far, says new research from NISC.
One in five companies are already using forensic investigations and other sophisticated methods to identify their attackers. These are things like honey pots and repositories of fake data to give attackers the idea they've hit real data while acting as a diversion tactic.
72 percent of respondents said their organization either already uses or would use honey pots or deception technology. Furthermore, 71 percent of respondents would let hackers take the fake or booby-trapped document to gather counterintelligence – rather than shutting down an attack as soon as a bad actor engages with a deceptive file – in an effort to identify the thieves later or reveal information about the location, ownership and possible vulnerabilities of the hackers' machines.
"Security leaders increasingly feel that breaches are inevitable" said Rodney Joffe, SVP at NISC. "There is a growing appetite for advanced forensic tools that can deliver insights around attacker attribution and tactics in real-time."
Whether they opt to use them like an alarm system, ejecting bad actors from the network upon contact with a honey pot or deceptive file, or for a more sophisticated counterintelligence operation that gathers vital information on attacker movements and methods, cybersecurity professionals want solutions that can provide better real-time awareness and understanding of the enemy.
Asked to rank cyber threats in order from greatest to least concern, respondents ranked DDoS attacks as the top concern, as in the previous survey, followed closely by system compromise and loss of intellectual property.
Meanwhile, today's technology landscape demands that companies determine how to manage and secure data in a connected ecosystem, as well as embrace it to create competitive advantages.
The key concerns for IT decision-makers in this environment are cybersecurity, the ability to upgrade infrastructure and optimizing IT operations, according to a study conducted by Insight Enterprises that really reinforces many things we have been hearing.
The study examined how companies manage digital innovation, the cloud and data center, the modern workplace and IT supply chain management. Fifty percent of IT pros say advanced analytics — enabled by artificial intelligence (AI), big data, machine learning and deep learning — have been critical to their transformation initiatives over the past two years. Looking ahead, 44% believe AI and machine learning will most significantly impact the future of IT.
Amid these advancements, security looms large as the top concern for IT professionals. In fact, when asked to volunteer any IT issue that keeps them up at night, security was the top answer for more than one in three respondents.
"There is no greater reality check today in technology than how a business handles its data — it creates the most challenges and opportunities"
The main takeaways were as follows:
1. Digital innovation is a business imperative; IT says they're getting it right.
2. All companies are becoming data-driven, but enabling it first means security
4. Automation, e-procurement are key links to strengthen the IT supply chain.
"Breach Force" is produced by The TVP, and sponsored by RestonLogic, cloud wizards leveraging over 10 years experience helping companies automate, transform and build highly-secure and stable systems. Click over to RestonLogic dot com to book a strategy session today.
Disclaimer: The blurbs highlighted on "Breach Force" are available for information purposes only, and don't necessarily reflect opinions of our editors.
Page Updated Last on: Jun 30, 2019