01 Mar 2017
By Joseph Steinberg
Cisco recently published its tenth annual data breach report, and some of the findings should be cause for concern for people who own, run, or work for businesses.
The firm's 2017 edition of its annual cybersecurity report entitled "Cybersecurity Report: Chief Security Officers Reveal True Cost of Breaches And The Actions That Organizations Are Taking," provides insights based on threat intelligence gathered by Cisco's security experts, combined with input from nearly 3,000 Chief Security Officers (CSOs) and other security operations leaders from businesses in 13 countries.
Cisco noted that, according to its research, in 2016:
Just 56 percent of security alerts are investigated and less than half of legitimate alerts actually lead to problems being corrected. Defenders, while confident in their tools, are undermined by complexity and manpower challenges; criminals are exploiting the inability of organizations to handle all important security matters in a timely fashion. (Information overload is causing a "Boy Who Cried Wolf" situation in some environments, and too many real alerts are overwhelming information-security professionals in others.)
Twenty-seven percent of employee-introduced, third-party cloud applications, intended to open up new business opportunities and increase efficiencies, were categorized as high risk and created significant security concerns. (Inadequately vetted applications can create risks.)
On the positive side, 90% of organizations that experienced a breach in 2016 are improving threat defense technologies and processes after attacks by separating IT and security functions (38 percent), increasing security awareness training for employees (38 percent), and implementing risk mitigation techniques (37 percent). (Thankfully, firms that have suffered breaches are investing in preventing future problems.)
Discussing the report, John N. Stewart, Cisco's Senior Vice President and Chief Security and Trust Officer, noted that "In 2017, cyber is business, and business is cyber - that requires a different conversation, and very different outcomes. Relentless improvement is required and that should be measured via efficacy, cost, and well managed risk. The 2017 Annual Cybersecurity Report demonstrates, and I hope justifies, answers to our struggles on budget, personnel, innovation and architecture."
Here are comments from several other industry insiders on the report.
David Vergara, Head of Global Product Marketing, VASCO Data Security:
"This report makes several things abundantly clear. The first is that cybercriminal's weapon of choice is not always the sophisticated attack; generally, they prefer the path of least resistance, so security laggards beware. Second is the hard cost of a breach, through lost customers, revenue and business, is rising dramatically. This cost should drive more pointed security resource discussions and prop up related business cases."
Brad Bussie, Director of Product Management, STEALTHbits Technologies:
"Statistics from this study, and others, show an alarming trend that asset risk is no longer being calculated correctly. Losing customers, revenue, and opportunities can be mapped directly back to breached systems. It would be interesting to see how much it would have cost to protect the systems in question, or to change to process that was exploited and compare it to what was lost because of the breach."
Don Duncan, Security Engineer, NuData Security:
"Cisco's findings that 22% of breached organizations lost customers and a significant number of these companies lost 20% of their entire customer base is a sobering data point for any organization when considering whether to disclose a breach publically. Regulations may be coming that will force disclosures. Until that happens, with so much at risk it's no wonder that breach numbers are vastly underestimated."
Brian Laing, VP of Business Development and Products, Lastline:
"The Cisco data breach report highlights the continually evolving techniques used by criminals to exfiltrate sensitive corporate data, and the resulting impact on business performance. Enterprises must continually expand and enhance their security capabilities to keep up with new techniques, schemes, and technology continually introduced by organized crime." Like this column? Sign up to subscribe to email alerts and you'll never miss a post. The opinions expressed here by Inc.com columnists are their own, not those of Inc.com. Published on: Feb 28, 2017
Read original article here....HACKING LATEST THREATS