In 2012, data breaches spanned multiple countries across a wide variety of industries.
As cloud storage, user mobility and virtualization become more prevalent in business and IT practices, cyber security threats have become equally prevalent. Safeguarding data has become a top priority and is now mandatory for organizations of all sizes from small businesses to government agencies to international corporations. In order to combat data security threats, organizations must first understand current data breach trends and identify the vulnerabilities within their systems.
Trustwave’s 2013 Global Security Report discovered that data breaches were not limited to a certain country or industry. It makes business sense for companies to outsource IT operations to a third-party vendor. However, vendors have a large base of clients so they often use remote support and administration that remain available 24/7 making client data easily accessible . . . and hackable. Trustwave’s report states that remote access was once again the biggest cause for data breaches in 2012, accounting for 47% of the analyzed attacks.
In terms of industry, retail, government, technology, education and financial services have the highest amount of data incidents, according to KPMG’s Data Loss Barometer report. Although the financial services sector had an 80% reduction in data loss by number of incidents, it still ranks as the fifth worst performing sector. The same report showed that external threats to healthcare organizations doubled to 81% from 2010 to 2012, showing vigilance is necessary to stop cyber attacks.
Adding to the problem, Trustwave found that businesses are slow to “self-detect” data breaches so a cyber attack can occur without the company even knowing they have a problem. It took an average of 210 days from the time of the initial breach for companies to discover they had been attacked, 35 days longer than it took for companies to self-detect in 2011.
What these data loss statistics prove is that cybercriminals will never stop trying to infiltrate businesses to obtain data. However, what the data also shows is that it’s possible for organizations to safeguard their data by first knowing their vulnerabilities and then by implementing proper data protection and security systems to thwart criminal activity.