Missouri Ranks No. 5 in U.S. for Cybersecurity Breaches
In St. Louis, the Schnucks data breach hit home for a lot of executives. Previously, the data losses that made headlines were for companies in other areas. “It did not happen here” seemed to be the view. In fact, in reported data incidents in 2013, Missouri was fifth in the United States with more than 3.2 million records exposed. This is our problem too.
We traditionally think of banks as the primary targets for cybercrime, but that is changing. If you analyze repeat incidents, the top five targets are universities, financial services, federal agencies, technology providers and hospitals, in that order. It is not just financial transactions that are being compromised; personal data, health information and intellectual property are now in the crosshairs.
The nature of the attackers is changing too. It is no longer just the techno geek in the wee hours; organized crime, nation states and activist groups are moving in. And insider-driven incidents now account for over 30 percent of reported occurrences.
Information systems departments are as aware as anyone of these disturbing trends, but they continue to struggle with a lack of skilled information security resources. Even when they get management’s support, there is a shortage of affordable qualified candidates.
The attack vectors are changing all the time — from hacking websites to spear-phishing and skimming — so just concentrating on perimeter defenses is insufficient. An organization needs to run a security risk assessment, address internal vulnerabilities and have security information and event management (SIEM) and data leak prevention management in place. A comprehensive incident management plan that addresses mitigation, notification and remediation is also recommended.
An incident management plan is not just an IT department need, but a company need — risk management, legal and public relations all have roles, and executive management should be involved and not blindsided.
With increasingly complex environments that include Internet, mobile, bring your own device and the cloud, going it alone is not an option for many companies. Choosing an accredited cybersecurity partner wisely is essential.
To learn how you can prevent and respond to data loss in your organization, contact Tony Munns, Partner, Advisory Services.