Ipswitch Blog

Jaw dropping stats from the 2010 Data Breach Investigations Report

| July 28, 2010 | Compliance, Data Breach, Enforcement, Managed File Transfer, Secure File Transfer, Visibility

I spent my morning reading through the 2010 Data Breach Investigations Report that was just published by the Verizon RISK Team and the United States Secret Service.  This is an amazingly insightful report with lots of information to digest.  If the topic of data breaches interests you, I highly recommend finding time to read through it.

Data breaches are scary.   Nobody wants to be a victim… And nobody wants their company to be the next headline on the news.

Data breaches are expensive.  According to the Ponemon Institute’s 2009 Cost of a Data Breach study, the average cost of each compromised record is $204.

Here are 5 quick recommendations that I’d like you to consider:

  • Recognize your data:  Before you can protect confidential, sensitive and important data, you must first go through an exercise of identifying where it lives, who has access to it, how it’s handled and what systems it touches, and make sure any and all interactions with the data are fully visible and auditable.
  • Take proactive precautions:  The majority of breaches were deemed “avoidable” if the company had followed some security basics.  Only 4 percent of breaches required difficult and expensive protective measures.  Enforce policies that control access and handling of critical data.
  • Watch for ‘minor’ policy violations:  The study finds a correlation between seemingly minor policy violations and more serious abuse.  This suggests that organizations should investigate all policy violations.  Based on case data, the presence of illegal content on user systems or other inappropriate behavior is a reasonable indicator of a future breach.  Actively searching for such indicators may prove even more effective.
  • Monitor and filter outbound traffic:  At some point during the sequence of events in many breaches, something (data, communications, connections) goes out externally via an organization’s network that, if prevented, could break the chain and stop the breach. By monitoring, understanding and controlling outbound traffic, an organization can greatly increase its chances of mitigating malicious activity.
  • If a breach has been identified, don’t keep it to yourself:  Standard procedure for data breach recovery should be to quickly identify the severity of the breach… And affected individuals have a right to know that sensitive information about them has accidentally been compromised.

I’m going to end this blog post by asking you to estimate how many pieces of sensitive files and data your company has… Now multiply that by $204.  I’m sure you’ll agree that the ROI on the time and resources spent to protect company data is well worth the investment.


This post was written by Ipswitch Blog

Ipswitch helps solve complex IT problems with simple solutions. The company’s software has been installed on more than 150,000 networks spanning 168 countries to monitor networks, applications and servers, and securely transfer files between systems, business partners and customers. Ipswitch was founded in 1991 and is based in Lexington, Massachusetts with offices throughout the U.S., Europe, Asia and Latin America.