Light Dark
April 17, 2015 By Shane Schick 2 min read

Security experts may be overestimating the cost of a data breach and the extent of mobile device threats, according to a new research report published by Verizon.

Based on insights from 70 organizations in more than 60 countries, the Verizon 2015 Data Breach Investigations Report suggested that despite more complex distributed denial-of-service (DDoS) attacks and mobile Trojans, 70 percent of most cybersecurity incidents initiate via phishing schemes or other traditional hacking techniques. Internal errors and insider threats were also among the nine most common forms of attacks.

Perhaps the most interesting aspect of the research is the way Verizon decided to calculate the financial repercussions of a data breach. Using hundreds of insurance claims related to cybersecurity incidents, the company looked at the types of files that might be lost or stolen by cybercriminals and the volume of records. As an article on CFO pointed out, Verizon’s estimate that security incidents cost firms an average of 58 cents per record is in stark contrast to similar studies by the Ponemon Institute that pegged the impact at more than $200 for each file.

Another surprise, based on the number of ransomware attacks and other types of attacks that seem to target smartphones and tablets, was Verizon’s claims that only 5 percent of mobile threats last longer than 30 days. ComputerWeekly.com suggested Verizon can speak with some authority here since it is a carrier with a significant wireless division from which it can gather a lot of internal data. On the other hand, chief information security officers may simply want to use this research to help figure out where to start with protecting users from a data breach, not ignoring mobile device risks entirely.

The biggest takeaway from the study was likely the notion of a “detection deficit,” or the time between the occurence of a data breach and the organization’s discovery of it. TechTarget spoke with security experts who suggested Verizon is right, but it could be some time before organizations develop the type of threat intelligence and comfort level around information sharing that would significantly speed up detection.

The other big conclusion is that IT departments shouldn’t feel overwhelmed by the ever-evolving nature of cybersecurity. Verizon told eWEEK that while there are ongoing questions about data breach costs, the one thing people can be sure of is that old cybercriminal habits die hard, which could mean catching them will eventually get easier.

 |  |  |  |  |  | 
Shane Schick
Writer & Editor

More from

November 21, 2024

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

November 20, 2024

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

November 19, 2024

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature