Twenty-nine percent of U.S. businesses suffered a data breach in the past year, according to a recent HSB survey of 403 senior executives in the U.S., conducted by Zogby Analytics.
Two-thirds of respondents whose businesses were breached said their company’s reputation was negatively affected by the incident. Twenty-seven percent of respondents spent between $5,000 and $50,000 to respond to a breach, and 30 percent spent between $50,000 and $100,000.
Forty-seven percent of the breaches were caused by a third-party vendor or contractor, followed by employee negligence (21 percent) and lost or stolen mobile devices or storage media (20 percent). Just 11 percent were caused by hacking.
When asked to identify the biggest hurdle their organization faces in responding to a breach, 51 percent cited a lack of knowledge, while 41 percent said it comes down to a lack of resources.
“The results highlight how closely our economy and society are interconnected digitally,” HSB vice president Timothy Zellman said in a statement. “Almost all of our personal and business data can be accessible on the Internet through online business connections, websites and social media. And that exposes our private information to attacks from hackers and cyber thieves.”
Monitoring Privileged Users
A separate Balabit survey of 222 IT executives and IT security professionals found that 35 percent of respondents see themselves as the biggest internal security risk to networks within their organizations. While HR and finance staff may be easier targets for social engineering, IT staff have higher access rights than other users, including access to business-critical data.
When asked to identify the most important user data for spotting malicious activity, 47 percent of respondents listed the time and location of login, followed by private activities using corporate devices (41 percent) and biometric identification characteristics such as keystroke analytics (31 percent).
Within the realm of privileged users, respondents said sysadmins present the biggest threat (42 percent), followed by C-level executives (16 percent).
When asked what data is most valuable to hackers, 56 percent of respondents cited personal employee data, followed by customer data (50 percent) and investor and financial information (46 percent).
“As attacks become more sophisticated, targeted attacks and APTs more commonly involve privileged users inside organizations — often via hacks involving stolen credentials,” Balabit security evangelist Csaba Krasznay said in a statement. “Today, IT security professionals’ tough job has become even tougher. It is not enough to keep the bad guys out; security teams must continuously monitor what their own users are doing with their access rights.”