Key takeaways / quotes:
- 27% had experienced a data breach at their organizations within the past two years, up from 23% in the previous year’s survey
- Nearly 50% of general counsel say planning for cybersecurity incidents and responding to breaches is now a part of their job... However, the perceived importance does not always translate into time spent
- Companies that suffer a data breach can expect to face an average 5% drop in stock price and 7% loss in customers, resulting in total costs ranging anywhere from $300K up to $14 million
- “Internal actors are responsible for 43% of data loss, half of which are intentional, half accidental.” McAfee
- “59% of employees steal proprietary corporate data when they quit or are fired.” Heimdal Security from Verizon
- "63% of confirmed data breaches leverage a weak, default, or stolen password." Verizon 2016 Data Breach Report
- According to the 2016 Data Security Incident Response Report, hacking and malware account for 31% of overall data breach causes
Recommendation: "Take the time to manage the risks to corporate data and protect the company against the threats that cause data breaches"
And a review of the following:
- Data storage location -- paper vs secure electronic storage, cloud vs on-premise stores
- Sending data to wrong recipient (email/fax) -- secure sharing environment and data exfiltration techniques
- Least privilege for sensitive data -- Identity and Access Management and proper control / process / approval
- Physical security of data including backup and disaster recovery -- securing data for high availability as well as recovery, ISO 27001 certification for reference
- Cyber-attacks around data transfers, permissions, encryption and intrusion management -- life cycle and layered security from prevention, detection, isolation through eradication and notification