The answer to the question in this headline is: at least $201 per credit card record. That’s the figure the Ponemon Institute reached after interviewing hundreds organizations and their security professionals about the financial impact of a data breach resulting in stolen personal identifying information. That’s a 9% increase in cost over 2014. And the trend of increasing financial risk likely won’t abate in 2015, either. Worse, Ponemon also reported that 43% of companies experienced a data breach 2014 up more than 10% from the year before.
The ubiquity of these cyber attacks is leading all sorts of security firms to proclaim that data breaches are “the new normal” or a “fact of life”. Why is it that a threat like credit card or other PII theft, which could cost your company millions of dollars in remediation costs, is currently so difficult to thwart? And, more importantly, what can you do to proactively identify which pieces of your data are at risk and the financial liability that data poses?
One-size-fits-all data breach prevention strategies are unrealistic
It’s a rather intuitive concept that complex network systems, unique data-access policies and constantly evolving security threats make a one-size-fits-all data breach prevention strategies unrealistic. In fact, while there are countless unique types of attacks on companies in virtually every industry, the basic strategies to breach secured data are not new. In Verizon’s 2014 Data Breach Investigation Report they cataloged only nine main approaches that accounted for more than 90% of all attacks. The difficulty in preventing data breach is not so much predicated on the sophistication of the attackers, but the variability of the IT and data systems each organization employs which demand a personalized approach for each organization.
Personalization takes time and money while network defenders identify new threats and tailor their defenses accordingly. Meanwhile, data thieves can readily leverage existing exploit approaches to custom-tailor an attack on a particular network much more quickly than an organization can identify the threat and properly respond. Not surprisingly, most network security professionals give a dismal assessment of their threat preparedness. In short, if your company possesses valuable personal information like credit cards, you are risking disaster if you rely only on traditional security practices.
Focus on proactive risk analysis informed by financial liability exposure
The good news is that you can reduce your risk of a data breach resulting in stolen PII, and mitigate the subsequent financial liability of stolen PII with a two-pronged approach to proactively discover vulnerabilities and specifically identify vulnerable access points, as well as identifying any existing caches of unsecured sensitive data.
Rather than relying heavily on real-time awareness of when a threat is underway, which will always leave a large organization a step behind the “next exploit” you should plug whatever holes you have, and make sure that, even if your systems are breached, the data is solidly encrypted to limit abuse.
Even better, you can apply commonly accepted liability exposure calculations to get a clear idea of the financial liability that your at-risk data poses, as well as identifying specifically which vulnerabilities will be the most costly. Simply put: if you think your network could be hiding unencrypted personal information you owe it to yourself to check out our four-minute demo that over 40,000 other security professionals have already watched to see how powerful visual analytics can help pinpoint exactly:
We’ve even got the same interactive reports featured in the demo available for you to explore! Data theft attempts might be a way of life, but that doesn’t mean data theft needs to be. If you’re dealing with some analysis paralysis around securing your sensitive data, you might find some immediately actionable steps that will directly mitigate your financial risk refreshing. Learn how to request your free personalized scan here.