Tag Archives: Ponemon Institute

Immediate Vault

The Cost of a Data Breach

Posted on by

Six years ago, The Ponemon Institute conducted its first “Cost of a Data Breach” study in the United States. Since then, the independent research firm has expanded into the United Kingdom, Germany, France and Australia. This most recent study focuses on actual data breach experiences of 51 U.S. companies from 15 different industry sectors.

The results of Ponemon’s 2010 study, which were released this month, find that:

  • For the first time, malicious or criminal attacks are the most expensive cause of data breaches and not the least common one
  • Organizations are more proactively protecting themselves from malicious attacks
  • Companies’ investments in finding and remediating data breaches may be paying off
  • For the third straight year, direct costs accounted for a larger proportion of overall data breach costs

Other important findings include: more organizations favor rapid response to data breaches, and that is costing them greatly; for the fifth year in a row, data breach costs have continued to rise (the average cost of a data breach in 2010 increased to $7.2million, up 7% from $6.8million in 2009); breaches by third-party outsourcers are becoming slightly less common but much more expensive; more companies had better-than-average security postures, and those organizations enjoyed much lower data breach costs.

buy cellcept online orthomich.com/img/blog/jpg/cellcept.html no prescription pharmacy

The report points to popular and effective technologies that are currently available to secure data both within an organization and among business partners.

buy periactin online orthomich.com/img/blog/jpg/periactin.html no prescription pharmacy

They include:

  • Encryption (including whole disk encryption and for mobile devices/smartphones)
  • Data loss prevention (DLP) solutions
  • Identity and access management solutions
  • Endpoint security solutions and other anti-malware tools

October: A Busy Month for Data Breaches

Posted on by

Every company, no matter what industry it is aligned with or what country it is based in, is vulnerable to losing sensitive data, either accidentally or by malicious endeavors. The Ponemon Institute has found that the average cost of a data breach in 2009 was an incredible $3.4 million. And, unfortunately, the frequency with which these breaches occurs appears to be increasing. Let’s take a look at some of North America’s more notorious breaches for October 2010:

October 14: In Lake County, Florida, a credit union employee stole customer’s credit information to take out loans — money which was used to help finance the attorney fees of her son, who is on death row for murder. The employee, Nazreen Mohammed, was accused of attempting to take $430,000 from banks such as RBC and Fairwinds Credit Union.

October 14: An employee of Accomac, Virginia had his laptop computer stolen while on vacation in Las Vegas. The computer held the names and Social Security numbers of approximately 35,000 county residents. The employee took the laptop on a personal vacation without permission from his superiors.

October 14: Though the incident occurred in August, it wasn’t recognized until October when the Veterans Benefit Administration Office in Boston realized they sent 6,299 benefit letters to the wrong address. All nine digits of Social Security numbers were on 3,936 of the letters. A Veteran’s Affairs report blamed the incident on programming error.

October 15: On this date, the University of North Florida reported that more than 100,000 people could be affected by a security breach. UNF stated that a file containing personal information on prospective students was possibly accessed by someone outside the United States. The university is working with the FBI “to determine the cause and intent of the breach.”

October 20: The personal information of 280,000 Medicaid members in Pennsylvania was compromised when a portable hard drive belonging to Keystone Mercy Health Plan and AmeriHealth Mercy Health Plan was lost. “The insurers said they have beefed up security practices and will provide free credit-monitoring assistance to the people whose Social Security numbers, either in whole or in part, were on the missing hard drive.”

October 21: The Thames Valley District School Board in Ontario, Canada shut down its online student portal after it realized that the internet passwords of more than 27,000 high school students were compromised. The culprit in this incident posted a link on Facebook that directed users to a site that listed the names and passwords of students.

This, however, is only a partial list. More incidents can be found at DataLossDB.org.

Does your company have a solid cybersecurity strategy? If not, check out the article, The 5 Steps of a Cybersecurity Risk Assessment, by Peyton Engel, a data security expert at CDW.

keyboard

Data Breaches Breaking the Bank for Businesses

Posted on by

Hope you enjoyed that headline alliteration.

But let’s talk cyber crime. In 2010 it’s rare to find someone who has never had their email account hacked (happened to me last month!) or their personal information stolen by cyber thieves. But that’s small time cyber crime compared to what’s happening to businesses around the globe.

buy ocuflox online meadowcrestdental.com/wp-content/uploads/2023/10/jpg/ocuflox.html no prescription pharmacy

According to a new study by Ponemon Institute, an independent research establishment, organizations are getting hit by at least one successful attack per week. Sound like a lot to you? It is. But what’s even more distressing and hard to believe is that the annualized cost to their bottom lines from the attacks ranged from $1 million to $53 million per year.

Ponemon’s first annual “Cost of Cyber Crime” report studied 45 U.S. organizations hit data breaches. It found that the median cost to companies was $3.8 million per year for an attack. Certainly enough for some bottom line blues.

buy spiriva inhaler online meadowcrestdental.com/wp-content/uploads/2023/10/jpg/spiriva-inhaler.html no prescription pharmacy

“Information theft was still the highest consequence — the type of information [stolen] ranged from a data breach of people’s [information] to intellectual property and source code,” says Larry Ponemon, CEO of the Ponemon Institute. “We found that detection and discovery are the most expensive [elements].”

The report found that web-borne attacks, malicious code and malicious insiders are the most costly types of attacks, and social security numbers are the most commonly compromised form of data. According to Datalossdb.org, there have been 10 reported data breaches in the past 13 days alone. Let’s take a look at the largest reported breaches in history, courtesy of the aforementioned website:

data breach

According to the Ponemon study, the 45 organizations studied did not have the right tools or technologies in place to prevent such costly breaches (bad risk management to say the least). The leading types of attacks were malware (25%), SQL (24%) and stolen/abused credentials (16%).

Numerous tech companies, such as Cisco and Symantec, offer data loss prevention products and services.

Without data breach technology in place, a company is throwing away their hard-earned dollars.

buy biaxin online meadowcrestdental.com/wp-content/uploads/2023/10/jpg/biaxin.html no prescription pharmacy

And millions of dollars at that, according to Ponemon.