10 FACTS YOU NEED TO KNOW ABOUT DATA BREACHES

By Deborah Galea, manager, OPSWAT

2014 was dubbed ‘the year of the data breach’. With many new data breaches dominating the headlines in 2015, including Anthem, the White House, banking attacks, and the latest employee data theft at the US federal government, one can only imagine what the name for 2015 will be: the year of even more data breaches?

According to the Ponemon Institute, 43% of companies experienced a data breach in 2014. Not only is the number of data breaches rising; the number of records stolen per breach and the cost per stolen record are increasing as well. It is apparent that current security measures are not sufficient to protect organisations from data breaches.

The SANS Institute reports that a whopping 95% of all attacks on enterprise networks gained entry through a spear phishing attack. A spear phishing attack is an email targeted at specific individuals that is engineered to look legitimate and fool even tech-savvy users. The email has a malicious attachment or link that, when opened, installs malware and tries to gain system access.

Clearly, spear phishing attempts are sometimes able to get past traditional spam filters and antivirus engines. No single antivirus engine will be able to block every threat. However, by deploying multi-scanning with multiple antivirus engines, the different detection algorithms and heuristics of each engine can be combined, which significantly increases the malware detection rate for known and unknown malware. Other technologies such as data sanitization and file type verification can also prevent threats that may go undetected by antivirus engines.
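File type verification, as mentioned above, compares what an attachment's name claims with what its leading bytes actually are. The sketch below is an added example, not OPSWAT code; the signature table, the verdict policy and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Well-known leading "magic" bytes for a few formats.
MAGIC = {"pdf": b"%PDF-", "png": b"\x89PNG\r\n\x1a\n",
         "zip": b"PK\x03\x04", "exe": b"MZ"}
# Extension -> content family the bytes must resolve to (docx/xlsx are ZIP containers).
EXT_FAMILY = {"pdf": "pdf", "png": "png", "zip": "zip", "docx": "zip",
              "xlsx": "zip", "exe": "exe", "scr": "exe", "dll": "exe"}
BLOCKED = {"exe"}  # assumed policy: executables never arrive by email


def sniff(data: bytes) -> str:
    """Return the content family indicated by the leading bytes."""
    for family, sig in MAGIC.items():
        if data.startswith(sig):
            return family
    return "unknown"


def verify_attachments(raw: bytes):
    """Return (filename, claimed, actual, verdict) for each attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        claimed = EXT_FAMILY.get(ext, "unknown")
        actual = sniff(part.get_payload(decode=True) or b"")
        if actual in BLOCKED:
            verdict = "block"        # executable content, whatever the name says
        elif claimed != actual:
            verdict = "quarantine"   # name and content disagree
        else:
            verdict = "allow"
        findings.append((name, claimed, actual, verdict))
    return findings


def build_sample() -> bytes:
    """Constructed message: an honest PDF, a PE file named .pdf, a ZIP named .png."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "sender@example.com", "staff@example.com", "Invoice"
    msg.set_content("Please review the attached files.")
    for name, body in [("report.pdf", b"%PDF-1.4\n% constructed\n"),
                       ("invoice.pdf", b"MZ\x90\x00 constructed"),
                       ("photo.png", b"PK\x03\x04 constructed")]:
        msg.add_attachment(body, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in verify_attachments(build_sample()):
        print(finding)
```

A check like this runs alongside antivirus scanning rather than replacing it: it catches a renamed executable even when no engine has a signature for it yet.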

Below, we have highlighted the top 10 most interesting, remarkable, and troubling facts about data breaches:

Number of stolen records up 78% in 2014

According to the 2014 Breach Level Index by Gemalto, one billion records were compromised in 2014 in more than 1,500 data breaches; a 78% increase compared to 2013.

Cost of data breach rose 23% since 2013

The total cost of a data breach has increased 23% since 2013, as reported in the Ponemon Institute’s Annual Cost of Data Breach Study. In 2015 the average cost per lost or stolen record is $154.

Most costly breaches in US and Germany

The Ponemon Institute reports that the most costly breaches are in the US ($217 per record stolen) and Germany ($211 per record stolen).

Healthcare highest cost per stolen record

The cost of stolen healthcare records can be as high as $363, according to the Ponemon Institute. Healthcare records are more valuable than stolen credit card details since credit cards can easily be cancelled, but fraud using a person’s medical records is much more difficult to stop.

Identity theft most common motive

Gemalto’s research shows that the majority of data breaches are now perpetrated for the purpose of identity theft rather than stealing credit card information. In 2014, 54% of data breaches were motivated by identity theft, compared to 20% in 2013. In 2014 only 17% of data breaches were for financial access, down from 50% in 2013.

Malicious outsiders behind majority of attacks

The 2014 Breach Level Index by Gemalto reports that 55% of the data breaches were perpetrated by malicious outsiders, 25% were due to accidental loss, and 15% were committed by malicious insiders.

95% of breaches start with phishing attack

According to Allen Paller, director of research at the SANS Institute, 95% of all attacks on enterprise networks gained entry through a spear phishing attack. A spear phishing attack is an email targeted at specific individuals that is engineered to look legitimate and fool even tech-savvy users. The email has either a malware-laced attachment or a malicious link that, when opened, installs malware and tries to gain system access.

Traditional spam filters cannot detect spear phishing attacks

Most spam filtering products detect spam by checking blacklists and known spam. However, spear phishing emails are composed with considerable effort and target only a small number of individuals, so they stay under the radar of traditional spam filters.

A single anti-virus engine is not enough to protect against all threats

With 450,000 new threats emerging daily, a single anti-virus solution is no longer going to cut it. By scanning email attachments and web content with multiple antimalware engines, you are multiplying the chance that known as well as unknown malware is detected, speeding up protection against outbreaks, and protecting against threats designed to exploit vulnerabilities in specific engines.

Question is not if, but when

Data breaches are becoming more prevalent and more sophisticated. Suffering a breach is no longer a question of if but when. It is important that companies start increasing their security defences.

Read more about how to protect against spear phishing attacks and data breaches: https://www.opswat.com/blog/prevent-spear-phishing-attacks-improved-email-security