The cost of security breaches are staggering. Just ask former Target President and CEO Gregg Steinhafel, who was just given the boot following a massive security breach last December. The board of directors, it seems, wants a new face to restore consumer confidence.
It’s probably just a coincidence, but news broke last night that IBM was releasing new security software and services. It also comes as the Ponemon Institute released research that shows the cost of data breaches increased 15 percent in the past year to $3.5 million or an average of $145 per record breached.
Target’s Security Breach
In light of these figures, one could understand the anxiety of the board of directors for Target, one of the top US retailers.
Target disclosed the cyber attack in December, revealing the theft of at least 40 million payment card numbers and 70 million other pieces of customer data. At a cost of $145 per record breach, Target ended up paying a considerable sum of money for something that could have been avoided.
Where all this leaves Target in terms of its business and financials remains to be seen, with quarterly figures due later this month. From an IT perspective, however, the real points of interest are the massive cost of ignoring data security and the fact that the consequences will reach all the way up the corporate ladder to the C-Suite — far beyond the laps of overworked IT administers.
The announcement last night that it was upgrading its security services was, considering the ongoing fallout over Target, a timely one.
IBM has been working on security for close to forever, but the new services announced last night -- just as Steinhafel was packing his executive toys into a box -- are the result of two years of investment and the acquisition of some notablesecurity and data heavy hitters, such as Q1 Labs, Trusteer, Guardium, Ounce Labs, Watchfire and Fiberlink/MaaS360.
It also follows the creation of a dedicated cyber security business in late 2011, which has produced some pretty impressive double digit growth figures despite difficulties IBM is having in other business areas, particularly hardware.
Given the figures that the Ponemon Institute has produced, it’s no mystery why businesses are so interested in these kinds of tools. The majority of companies surveyed by Ponemon, for example, say targeted attacks are one of their biggest problems, costing them on average $9.4 million in brand equity alone.
IBM’s new Threat Protection System uses analytics to go beyond traditional threat detection, utilizing security intelligence and behavioral analytics to go outside firewalls and disrupt attacks across the entire attack chain.
Among the highlights of this release is the new Trusteer Apex solution for endpoint malware blocking, as well as enhancements to its QRadar Security Intelligence platform, which features new capabilities for enabling organizations to detect attacks
IBM has also introduced a new Critical Data Protection Program that helps safeguard critical data and provide enterprises with services that oversee all the data security needs of an enterprise
The new consulting services announced last night are based on IBM’s Data Centric Security Model, under which IBM deploys assets from Guardium, StoredIQ and IBM Research to help protect business critical information, which, according to IBM, accounts for an estimated 70 percent of the value of a publicly traded company.
The Cost Of Data Breaches
To assess the financial damage that data breaches cause, the Ponemon Institute conducted 1,690 interviews with IT, compliance and information security practitioners representing 314 organizations in North America, Europe, Asia and South America.
The findings, which are contained in the IBM sponsored ninth annual Cost of Data Breach Study, showed that the most costly breaches occur in the US and Germany, where the cost of every compromised record is $201 and $195, respectively.
Root causes of data breaches differ among countries and affect the cost of the breach. Countries in the Arabian region and Germany had more data breaches caused by malicious or criminal attacks, while India had the most data breaches caused by system glitches or business process failure. Human error was most often the cause in the UK and Brazil. The most costly data breaches were those caused by malicious and criminal attacks.
The research also found that the most common cause of a data breach is a malicious insider or criminal attack, which underlines the need for enterprises to have systems in place to detect even the slightest change in data use habits by people working in the company.
Also surprising was that a mere 38 percent of companies have a security strategy in place to protect IT infrastructure, though 45 percent currently have a way of protecting their information assets.
If at last half of those companies surveyed said that they have no, or low, confidence that they are making the right investments in people, processes and technologies which address potential and actual threats, they will be throwing money at the problem over the next 12 months with an average of $7 million ring fenced for security.