Despite the increases in education and technological security awareness, breaches continue to soar, and on average IT pros have dealt with six breaches over the course of their professional lives.
That’s according to McAfee’s new report, Grand Theft Data II – The Drivers and Shifting State of Data Breaches. The company surveyed 700 IT security professionals from commercial and enterprise organizations globally to learn about their data breach experiences.
Know more about cybercriminals that continued to target intellectual property by putting the brand reputation at risk
Despite improvements in combating cybercrime and threats, IT security professionals still struggle to fully secure their organizations and protect against breaches, with 61% claiming to have experienced a data breach at their current employer.
Adding this challenge, data breaches are becoming more serious, as cybercriminals continue to target intellectual property, putting the reputation of the company or brand at risk and increasing financial liability.
Vice president and chief technical strategist, Candace Worley tell us that data exfiltration is a risk whether you hold the data in your data center or your provider data center.
If you’re managing your security or you’ve outsourced it to someone else to manage it, you’re ultimately the one that will be held accountable for a data breach. It means that organizations that leverage service providers need to build into the language of their contract that protects them as much as possible in the event of a data breach. For example, the ability to audit security controls, understand where their data is being stored in both primary and back-up versions, SLAs on remediation and liability in the event of a breach and so on.
There is a huge difference between- what the law says and the court of public opinion, Worley said. The laws may be on your side depending on your geography, but if your service provider loses your data, your customers likely will still hold you responsible, she said.
Here are some highlights of the McAfee report
- A wide range of methods is stealing your data now, with no single technique dominating the industry. The top vectors used to exfiltrate data are database leaks, cloud applications, and removable USB drives
- Personally, identifiable information and intellectual property are now tied as the data categories with the highest potential impact, to 43% of respondents
- IT is looked at as the culprit with 52% of respondents claiming IT is at fault for creating the most data leakage events. Business operations (29%) follows as the next most likely to be involved
- Security technology continues to operate in isolation, with 81% reporting separate policies or management consoles for cloud access security broker and data loss prevention, resulting in delayed detection and remediation actions
- There is a rift about accountability, as 55% of IT professionals that believe in C-level executives who should lose their job if a breach is serious enough, yet 61% also state that the C-level executives they work with expect more lenient security policies for themselves
- IT professionals are taking actions, with nearly two-thirds stating they have purchased additional DLP, CASB and endpoint detection solutions over the last 12 months. Respondents believe that between 65 and 80% of data breaches experienced likely would have been prevented if one or more of these systems had been installed
The stakes are advanced as multiple attack methods are now used in a breach as cybercriminals continue to target personal data and intellectual property. In addition, the IT security teams are increasingly concerned about external threat actors compromising their network, which has forced more organizations to publicly disclose when breaches occur.
This is how the severity of publicly disclosing breaches results not only in financial repercussions but also in damage to brand and reputation as well.
Smith Warner, a creative person who puts his skills in Technical writing by making everything easier for readers to understand the complexity of any tech related issue like mcafee.com/activate. Many popular e-magazines have released his articles. He has also been writing to people’s query related to technology.