Security Breaches Near ‘Statistical Certainty’: Study

Businesses of all sizes are feeling a growing lack of confidence about their ability to prevent attacks on their networks, as the frequency and cost of security breaches continue to rise, according to a study published on Wednesday by the Ponemon Institute.

The study, sponsored by Juniper Networks, found that 90 percent of businesses had been hit by at least one IT security breach in the past 12 months, with more than half, or 59 percent, citing two or more breaches in that period.

‘Statistical certainty’

“The threat from cyber attacks today is nearing statistical certainty and businesses of every type and size are vulnerable to attacks,” the Ponemon Institute said in a statement.

The survey comes on the heels of a string of high-profile cyber-attacks that has targeted organisations including security vendor RSA, Lockheed Martin, the International Monetary Fund, the FBI and the CIA.

The explosion of mobile devices has contributed significantly to businesses’ sense of insecurity, with laptops and other mobile kit seen as the most likely points from which attacks are launched against a company, the study found.

Employee laptop computers were the source of 34 percent of breaches, while employee mobile devices were the source of 29 percent of breaches, Ponemon found.

Forty-eight percent of breaches were caused by a malicious software download, 43 percent from malware encountered on a website and 29 percent from malware encountered via social media. System glitches caused 19 percent of breaches, and malware from text messages caused 3 percent.

However, most organisations didn’t know the source of all of their security breaches, with only 11 percent saying they knew where all of their security incidents had originated.

The companies surveyed said overall the security breaches had cost them at least half a million dollars to address, when costs such as cash outlays, business disruption, revenue losses, internal labour and overhead were taken into account.

Data theft

The most serious consequence of a breach, according to 59 percent of respondents, was the theft of information assets, followed by business disruption.

Forty-three percent of the companies in the study said there had been a significant rise in the frequency of cyber-attacks during the past 12 months and 77 percent said the attacks had become more severe or difficult to contain, Ponemon said.

As a result, more than one-third of the respondents said they had “low confidence” in their ability to prevent a network security breach, the study found.

The 583 US-based participants in the study ranged from smaller organisations with fewer than 500 employees to enterprises with more than 75,000 staff. The study was based on an online survey conducted over a five-day period in June.

The survey shows that current IT security systems are not keeping up with the challenges facing them, despite many organisations – 28 percent – earmarking more than 10 percent of their budgets to security, according to Ponemon.

“This study suggests conventional network security methods need to improve in order to curtail internal and external threats,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, in a statement.

Prevention vs. quick response

As a result of the rising certainty of security breaches, some industry observers have suggested organisations should turn their attention to preparing to detect and respond to an incident, rather than to preventing attacks.

The Ponemon survey found that 16 percent of organisations had the quick detection of and response to security incidents as their primary security focus, while 32 percent continued to focus primarily on preventing attacks. About 25 percent said they were focused on aligning security controls with industry best practices.

Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDnet and other leading publications.

View Comments

  • Great article, Matthew! These stats in your article are very valuable for IT security practices. It is a certainty that European companies will begin to feel the threat of security breaches unless steps are taken to ensure corporate networks have the type of Data Leakage Protection that can safeguard the network layer. With the proliferation of mobile devices being utilized by company employees, cyber terrorists have a vast network to choose from when searching for vulnerabilities. Our company, Wedge Networks, has been perfecting a platform solution for years to answer these challenges, and we are leading efforts to prevent the good things from flowing out and the bad things from flowing in through Deep Content Inspection that detects the intent of data in the network.
