SHARE
Follow this article on Twitter Facebook LinkedIn Bookmark and Share
Home >> Security

Why data breach costs are really going down

Why data breach costs are really going down

By:  Rafael Ruffolo  On: 09 Nov 2010 For: ComputerWorld Canada Creator

Telus says reported data breaches are on the rise in 2010, while the financial impact of the average breach is steadily decreasing. Rotman School of Business professor Walid Hejazi helps explain the peculiar trend

A new study by Telus Corp. reveals that while Canadian organizations reported 29 per cent more data breaches in 2010 versus the previous year, the annual cost of these security issues has dropped substantially.

The telecom giant’s report, which polled 500 business and IT professionals, was part of a joint study with the University of Toronto’s Rotman School of Management. The report found that breaches were up almost 30 per cent year-over-year, largely because of a doubling in reported incidents at government agencies.

Yogen Appalraju, vice-president of Telus’ security solutions division, said better detection and protection technologies have not only led to more reporting across the board, but also to better containment techniques. This, he said, starts to explain why reported breaches have jumped 30 per cent in 2010, while breach costs dropped from an average of $834,000 in 2009 to $179,508 in 2010.

Appalraju added, however, that targeted attacks have been on the rise during the same period, which might be contributing to the underreporting of data breach losses at some firms.

“In a lot of cases, organizations might not know that they’ve been breached for a long time,” he said.

For Walid Hejazi, professor of business economics at Rotman, the massive 78 per cent decrease in breach costs underscores a drastic change in the way hackers and cyber criminals are going about their trade.

“They’re not trying to bring down the network anymore,” he said.

Increasingly, criminals are targeting organizations and employees that can give them sensitive data that can be sold or repurposed for financial gain.

Hejazi said enterprises often felt a huge financial hit anytime their network and IT infrastructure was attacked. But when attackers target credit card data instead, the data breach costs are being felt amongst customers.

In cases where attackers are targeting intellectual property or sales leads, he added, an organization often is unaware that they’ve lost their competitive advantage and fail to report any data breach costs.

As for the state of IT security teams, the Telus survey found that organizations decreased the size of security staff in 2010 much more than the previous year. In 2010, 50 per cent of responding organizations reported security teams of one to five staff members compared with 12 per cent reporting teams of six to 10 staff members.

One of the biggest issues these smaller security teams have been tasked with, Telus said, is the job of controlling social networking access. But the study found that even though one in four responding Canadian organizations actively blocked access to social networking sites for security reasons, these companies do not experience any improvement in security.

According to Hejazi, some organizations that block access to social networking sites actually bring productivity and security issues upon themselves as employees spend valuable time trying to circumvent the block or surf the sites through their mobile devices.

He said organizations should ideally allow social networking access and put into place extensive education programs to ensure that employees know how to use the sites responsibly. And that doesn’t mean just telling your employees to “go on Facebook and be careful,” Hejazi said.

He added that employees should be advised that even a few unrelated Facebook or Twitter messages at the wrong time may lead to negative consequences.

“Especially in the financial sector, the fact that you’re talking on Facebook about nothing can send a signal to a lot of signals to your competitors,” Hejazi said.

Sign up for our Newsletters
Tags: security, networking, data breach
Close X












Close X
Print |  Views: 4211   |   Rating:offoffoffoffoff  (0 votes)
Rate this article on a scale of
1 to 5 stars,5 being the best.



Close X
Page 1

Rafael Ruffolo Rafael Ruffolo was a senior writer for ComputerWorld Canada from 2006 to 2011. He was the winner of a Kenneth R. Wilson award for business journalism in 2009.

Related Content

One in five Canuck firms report security violations
One in five Canuck firms report security violationsAccording to a new survey by CA Canada, enterprise data breaches caused by security attacks have doubled since 2006. Info-Tech’s James Quin notes not all breaches necessarily cause harm but the feds should mandate encryption.
Security survey reveals data breaches are on the rise
Security survey reveals data breaches are on the risePoll shows that one in five companies have experienced a data breach
Threat landscape changing
Threat landscape changingThe Internet security threat landscape is changing, according to security firm Symantec. Attackers are moving away from large, multipurpose attacks on network perimeters and towards smaller, more focused attacks on client-side targets.
Obama, the security threat
much hay was made in the now-mercifully-ended u.s. election campaign (next one starts in january!) about whether the democrats were soft on homeland security. regardless of opinion, the president-elect -- congratulations, sen. obama -- has predictably become an it security threat.websense, symantec and sophos labs reported today on pusa-related security issues. websense says its threats
blog comments powered by Disqus