Cisco Blogs

Anatomy of a Data Breach: Part 1

Last weekend was a typical one, nothing out of the ordinary: errands, science fairs, softball practice with the kids.  However, I found myself hesitating a number of times, thinking twice, before I handed my credit card to the cashier at the mall to purchase a pair of shoes and again as I typed in my credit card number and security code online to purchase some items for a school fundraiser.  In the past, I hadn’t given this much thought, but with yet another data breach in the news, it seems that the breaches are continuing to occur – and as consumers, we will continue getting those ‘Dear John’ letters informing us we were one of the unlucky ones…

With news of another data breach of up to 1.5 million credit and debit cards compromised last month as well as high-profile data attacks against the International Monetary Fund, National Public Radio, Google and Sony’s PlayStation Network, data security should be top of mind to all of us.  So, how are these breaches continuing despite all of the efforts to secure customer data?  In a series of blog entries to follow, we’ll outline the anatomy of a data breach, steps you can take to reduce your risk, and how Cisco can help keep your organization from being the topic of the next breach headline.

Anatomy of a Data Breach:

It used to be that hackers were in the business of hacking for fame or infamy… mostly individuals or groups of friends were doing small-time breaches, leaving digital graffiti on well-known websites. Although these breaches demonstrated security gaps among those affected, there was little financial impact compared to today.  It should come as no surprise that, in a world of big data, it is harder than ever for organizations to protect their confidential information.  Complex, heterogeneous IT environments make data protection and threat response very difficult.

According to the Verizon Business 2012 Data Breach Investigations Report, in 2011, the number of compromised records skyrocketed back up to 174 million across 855 incidents after reaching an all-time low in last year’s report of four million across 761 incidents. In fact, 2011 boasts the second-highest data loss total since the report began keeping track in 2004.  With 98% stemming from external agents, including organized criminals and activist groups (motivated by ideological dissent), the proportion of insider incidents declined yet again this year to a comparatively scant 4%.

According to Verizon, incidents involving hacking and malware were both up considerably last year, with hacking linked to almost all compromised records.  Many attacks continue to thwart or circumvent authentication by combining stolen or guessed credentials (to gain access) with backdoors (to retain access).   Given the drop in internal agents, the misuse category had no choice but to go down as well.

Data breaches are based more on opportunity than on choice. Most victims fell prey because they were found to possess an exploitable weakness rather than because they were pre-identified for attack. According to the research, most breaches were avoidable without difficult or expensive countermeasures. In fact, 96% of attacks were not highly difficult.

Breached companies are on the hook for covering the cost of issuing replacement cards to customers and could face fines from Visa, MasterCard and other card companies as a result of the breach.  According to the Ponemon Institute 2011 Cost of a Data Breach Study, notification refers to the steps taken to report the breach of protected information to appropriate personnel within a specified time period. The costs to notify victims of the breach increased in this year’s study from approximately $510,000 to $560,000.  A key factor is the increase in laws and regulations governing data breach notification. In addition to fines, there are other repercussions.  In many cases, card-processing privileges are revoked and there is a price to pay as stock prices can plummet.

How can Cisco help you reduce the risk of a data breach?  When it comes to security, the network can deliver the capabilities you need unlike any other part of the infrastructure. And just as the network has become the source for delivering critical voice, video and data… it too is becoming a key enforcement point for security.  Stay tuned to learn more about how Cisco can help keep you from becoming the victim in the next data breach headline.
