The biggest data breaches this year,
visualised by Information Is Beautiful
As I write this article, a group calling themselves The Phantom Squad have declared that they intend to take down both the Xbox Live and Playstation PSN networks on Christmas Day, and sustain the attack for a week. They claim it's to expose the continued lack of security from Microsoft and Sony, the former of which was hit this time last year by another group called Lizard Squad. Of course, this will be a major disruption to consumers globally who have purchased a new console for the festive season but, as the well-known activist group Anonymous succinctly put it, “…if you worry about not being able to play games on Christmas you need to re-evaluate priorities.”
Given the focus on the ever-increasing deluge of data being generated by consumers and devices, and the exponential information potential touted by trends such as the Internet Of Things, cybersecurity and data protection are becoming paramount. But every year the data breaches get larger, more sophisticated and ever more costly. According to a joint study by IBM and Ponemon conducted this year, the average cost paid for each lost or stolen record containing sensitive and confidential information increased 6 percent, jumping from $145 in 2014 to $154 in 2015. The lowest cost per lost or stolen record is in the transportation industry, at $121, and the public sector, at $68. On the other hand, the retail industry’s average cost increased dramatically, from $105 last year to $165. Consider the latest hacks that have hit the headlines so far:
Ashley Madison breach hit 37m users
Malware installed on over 2,000 cash registers hit over 56m customers at Home Depot
The European Central Bank had its website hacked, with personal information including email addresses and contact data stolen
Kirkwood Community College’s website was hacked this year, exposing 125,000 social security numbers of applicants over an 8 year period
Not all threats are from the outside
This is a very small set of examples of security breaches in 2015, but what’s interesting is that while hacking and information security breaches are mostly regarded as outside attacks, a recent PwC survey conducted with the HMRC in the UK stated that 43% of cybersecurity breaches were caused by activities conducted by staff. After speaking to Ryan Stolte, CTO at Bay Dynamics, earlier this month, I had a better picture as to why this may be the case. Ryan’s company correlates data generated from user activities and accesses to systems and builds a story about the individuals – employees and third party vendor users – that details how they behave on a daily basis. “By focusing on the people who have access to businesses’ networks and understanding how they typically behave, if they do something out of the norm, we can easily flag, report and stop it. The overall goal is to change behaviours across enterprises before it’s too late,” said Ryan.
User and entity behavior analytics (UEBA), the branch of cybersecurity that examines internal user behaviour, is becoming increasingly popular. Gartner says it expects UEBA market revenue to climb to almost $200 million by the end of 2017.
According to studies by Bay Dynamics, in approximately 90% of data loss prevention incidents, i.e. when employees leak sensitive data outside an organization, the employees are legitimate users who innocently send out data for business purposes. They are exhibiting normal employee behaviour even though it might be in violation of the established business policy. When they are called out by their employer, close to 80 percent of users who are exhibiting risky behaviour (i.e. visiting high-risk websites such as gambling, pornography and others) make changes so that they are more security-conscious.
Only 1% of data loss prevention incidents are critical ones that show signs of being caused by either a malicious or a compromised insider.