Findings Show Increased Investment in Commonly-Failing Safeguards and False Sense of Confidence Surrounding Security
Identity Finder, LLC, a leader in sensitive data management solutions, today announced findings from a commissioned report by the Ponemon Institute entitled "2014: Year of the Mega Breaches." The study, which comes on the heels of President Obama's introduction of a proposed "Consumer Privacy Bill of Rights," surveyed 735 IT and IT security practitioners about the impact of the Target and other data breaches on their IT budgets and compliance practices. Respondents also shared details of breaches experienced within their own organizations.
The study found that 61 percent of organizations increased its security budget by an average of 34 percent in 2014. The most common resource expansions included:
- Security incident and event management (SIEM)
- Endpoint security
- Intrusion detection and prevention
- Encryption, tokenization
- Web application firewalls
Despite the increased investment in security, the research finds that only nine percent of organizations have increased budgets to address sensitive data management, which would give the necessary insight to discover, classify and protect confidential information, such as Social Security numbers, credit and debit card numbers and medical records, so they are not vulnerable during an attack.
When asked about their own breaches, respondents indicated concerning results:
95 percent did not discover the breach for at least three months
65 percent of respondents say the attack evaded existing preventive security controls
46 percent of breaches were discovered accidentally
50 percent believed they had the tools to prevent a breach
"Businesses are clearly spending money to prevent cyberattacks, but data breaches still occur. There must be a balance between blocking threats and reducing the footprint of vulnerable, sensitive data," said Todd Feinman, CEO of Identity Finder. "JP Morgan Chase spent over $250 million on cyber security last year, but still suffered from a significant data breach. The recent Sony cyberattack where millions of instances of Social Security numbers were found within hundreds of files is an unfortunate example of the damage that can occur when an attack gets through and organizations don't properly store and classify sensitive information and don't remove outdated or redundant data completely."
The President's recent announcement, which was referenced in Tuesday's State of the Union address, looks to standardize breach notification laws, give consumers greater control over personal data companies use, encourage banks to offer free credit monitoring and restrict the mining of student data. The initiatives further elevate and magnify the issue of consumer data privacy and hopefully expand the discussion to include the importance of sensitive data management.
"This study shows that organizations are dedicating greater attention and financial resources towards managing sensitive information and preventing data breaches, which is certainly encouraging news," said Dr. Larry Ponemon, Ph.D. Chairman and Founder, Ponemon Institute. "However, 2015 is predicted to be as bad or worse as 2014 as more sensitive and confidential data and transactions are targeted by attacks and collateral damage. Security is not only about more investments in prevention but also about understanding the data itself that is vulnerable."
