WebProNews

Tag: Ponemon Institute

  • Cyberattacks Hit 66% of Small and Medium Businesses Last Year

    Health IT Security is reporting on two separate security reports, one from Kaspersky and the other the Ponemon Institute-Keeper report, showing 66 percent of small to medium-sized businesses suffered cyberattacks last year.

    The reports also showed that the cost of cyberattacks is on the rise, with a malware incident costing some $2.7 million on average. In spite of that, just 12 percent of organizations were concerned with a malware attack.

    Similarly, SMBs bear the brunt of phishing and web-based cyberattacks. Some 72 percent of those polled had experienced at least one cyberattack, with 53 percent reporting a phishing or social engineering attack, 50 percent a web-based attack and 39 percent reporting a general malware attack. To make matters worse, 60 percent said the attacks they experienced were sophisticated in nature, indicating that SMBs are increasingly being targeted.

    Despite the sobering picture, the Keeper report showed that response times have not improved. Just 26 percent of SMBs have decreased their response time, while 39 percent reported response times had increased.

    “SMBs are also at risk because most of them (70 percent of respondents) do not have a comprehensive inventory of all third parties with whom they share sensitive and confidential information,” researchers wrote. “Without this information, they are unable to conduct assessments to ensure their third parties are taking steps to safeguard their sensitive and confidential information.”

  • Mozilla Was Most Trusted Internet Company For Privacy In 2012

    January 28 is Data Privacy Day. It’s a topic that has become increasingly important in recent years as more of our information moves to the Internet. Consumers are largely untrusting when it comes to Internet companies, but one has at least earned more trust than others.

    A study from the Ponemon Institute found that Mozilla was the most trusted Internet company for privacy in 2012. The non-profit ranked number one in the Internet & Social Media category and number 20 overall. The study doesn’t detail the competition, but we can assume that Mozilla beat out the likes of Google, Facebook and Twitter.

    In accepting the award, Mozilla says that it doesn’t strive to win awards when it comes to its users’ privacy:

    This is certainly quite a distinction and the product of a user-centric philosophy implemented by contributors to the Mozilla project over the past decade. Engineers, UX designers, security, engagement, IT and privacy folks have made thousands of small decisions over the years that have collectively created the user trust reflected by this survey. This recognition is not something we sought, as we don’t view privacy as an end unto itself, but it’s greatly appreciated given all the complexities and nuances associated with privacy and security today.

    That being said, Mozilla finds that the rankings only detail the inherent distrust consumers have for online services. It hopes that it and others can fix that perception going forward:

    The rankings have another implication. It means we as an industry all have a lot more work to do. It’s unfortunate that users largely distrust the ecosystem of online service and application providers. What we really want is an environment where those of us developing Internet and social media services and applications deepen trust in a way that empowers and protects users and engenders confidence. We all have to continue our efforts — both big and small — to create a more trustworthy environment of online products that seamlessly integrate ease of use, transparency, and user choice.

    Speaking of other companies, Google and Facebook both detailed new privacy initiatives today to coincide with Data Privacy Day. Google says that it requires search warrants whenever law enforcement requests a user’s information. It also notifies users when their information is being requested. As for Facebook, the company’s Chief Privacy Officer, Erin Egan, will be accepting questions from users to keep the privacy dialog transparent and accessible to all.

  • Cybercrime Costs on the Rise, HP-Sponsored Study Finds

    HP and the Ponemon Institute today unveiled a new security study that shows the cost and frequency of cybercrime have risen for the third year in a row.

    The 2012 Cost of Cyber Crime Study, conducted by the Ponemon Institute and sponsored by HP, found that the average annual cost of cybercrime for U.S. organizations was $8.9 million in 2012. That amount is 6% more than the $8.4 million average cost of cybercrime in 2011, and a 38% increase over the 2010 average of $6.5 million.

    The report also shows a 42% increase in the number of cyberattacks in 2012. This year, organizations experienced an average of 102 successful attacks per week, compared to 72 attacks per week in 2011 and 50 attacks per week in 2010.

    “A successful attack is one that infiltrates or infects an enterprise system,” said Larry Ponemon, chairman and founder of the Ponemon Institute, who spoke with WebProNews. “We’re really looking at things that stick, rather than bounce off a company’s firewall or other perimeter protections.”

    Ponemon has served on the Advisory Committee for Online Access & Security for the U.S. Federal Trade Commission and was appointed by the White House to the Data Privacy and Integrity Advisory Committee for the Department of Homeland Security.

    Though the total average cost of cybercrime is on the rise, the report shows that companies incur costs differently according to their size and industry. Ponemon shows that while organizations it classifies as small have lower annual cybercrime costs, their per capita cybercrime costs ($1,324) are much higher than those of larger organizations ($305). Organizations in the defense, utilities & energy, and financial services industries have higher costs associated with cybercrime than those in other industry segments, such as retail, hospitality, and consumer products.

    This is the first year the report has expanded past U.S. companies, looking at businesses in the U.K., Germany, Japan, and Australia. According to Ponemon, the U.S. and Germany were much more likely to be hit with cyberattacks, and a larger percentage of their external costs due to cybercrime came from information loss. The majority of the U.K.’s and Australia’s external costs came from business disruption, meaning their internal costs largely consisted of recovering from cyberattacks, while the U.S. and Germany spent more internally on detection.

    Several security solutions are advised by the Ponemon report. It shows that a “strong security posture” based on the Security Effectiveness Score (SES) metric can mitigate the average cost of cyberattacks. Strong security governance practices are encouraged as well, with the report showing that organizations that invest adequately in security resources, appoint a high-level security leader, and employ experts can reduce their cybercrime costs.

    The report also found that, unsurprisingly, deployment of security intelligence systems can make a difference in the costs companies incur as a result of cybercrime. It shows that organizations that deploy security intelligence technologies saved an average of $1.6 million compared to those that did not.

    “The purpose of this benchmark research is to quantify the economic impact of cyberattacks and observe cost trends over time,” said Ponemon. “We believe a better understanding of the cost of cybercrime will assist organizations in determining the appropriate amount of investment and resources needed to prevent or mitigate the devastating consequences of an attack.”

    HP believes its security services are just the sort of resources companies need to safeguard their network infrastructures. The company recently updated its enterprise security solutions, focusing on proactively protecting customers rather than reacting to cyberattacks. HP will also sponsor a series of live webinars, presented by Larry Ponemon, starting later this month. The webinars will detail the findings of the Ponemon report for the individual countries in which the study was conducted.

    “Organizations are spending increasing amounts of time, money and energy responding to cyberattacks at levels that will soon become unsustainable,” said Michael Callahan, vice president of Worldwide Product and Solution Marketing, and Enterprise Security Products at HP. “There is clear evidence to show that the deployment of advanced security intelligence solutions helps to substantially reduce the cost, frequency and impact of these attacks.”

    Varun Kohli, director of Product Marketing for Enterprise Security Products at HP, told WebProNews that the Ponemon report provides conclusive data for security teams trying to sell their worth to executives, who often don’t see value in comprehensive preventative security solutions. His advice to organizations is to “bake-in” security to their solutions by making the solutions “intelligent” and “protecting what matters.”

    “If it doesn’t need to be on the internet, don’t put it on the internet,” said Kohli.

  • Social Media Users Probably Not Doing Enough to Protect Their IDs

    A new study conducted by the Ponemon Institute and sponsored by Experian’s ProtectMyID.com found that people are doing little to protect their personal information on social networks, opening them up to increased vulnerability for ID theft. While about 80% of those surveyed expressed concern about security around social media, over half of them aren’t doing anything about it.

    "The study results are extremely telling, especially about measures that users take, or fail to take, in order to protect their identity while using social networks," says Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. "I was surprised that those who had experienced identity theft in the past weren’t taking stronger measures to protect their identity. No matter who you are, if you want to increase social networking safety, you must take the necessary steps to protect your information."

    Some highlights from the study include:

    – About 65% of users don’t set high privacy or security settings in social media sites.

    – Over 90% of users don’t review a given Website’s privacy policy before engaging in use.

    – About 40% share their physical home address through social media apps.

    "Social networking sites give users the ability to share personal information, but they need to keep sensitive information out of easily-accessed public profiles," says Jennifer Leuer, general manager of ProtectMyID.com. "If people aren’t careful, identity thieves can quickly gather all the information they need to commit fraud, and that’s why it’s so important to be selective about the information shared and use a product like ProtectMyID.com, since it provides early fraud detection and resolution."

    Interestingly, the study found that people who have been victims of identity theft in the past are just as likely to be lax in securing their personal information online.

  • Privacy Issues Holding Back Online Behavioral Advertising

    More and more marketers are shying away from online behavioral advertising (OBA) over concerns about consumers’ privacy, according to a new report by the Ponemon Institute.

    The report, "Economic Impact of Privacy on Online Behavioral Advertising," found 70 percent of companies agreed behaviorally targeted advertising significantly increased marketing and sales performance, but most have limited their online ad budgets over privacy concerns.

    The majority (98%) of companies said they have restricted OBA because of privacy concerns, while 63 percent said OBA was their most effective form of marketing.

    "These numbers are disconcerting both in terms of the percentages and the potential economic impact," said Dr. Larry Ponemon, chairman and founder, Ponemon Institute.

    "These data clearly indicate that, in spite of a belief that behavioral advertising is their most effective marketing channel, companies are holding back hundreds of millions of dollars from online marketing simply because of a lack of confidence that privacy concerns can be overcome."

    The study concludes that companies are clearly concerned with the protection of consumer privacy and are sensitive to consumer unease with online behavioral advertising. The study recommends that advertisers, regulators, and privacy advocates work together to better address privacy concerns through improved disclosure models, consumer education, and effective consent mechanisms.

  • Cost Of Data Breaches Continues To Climb

    Data breach incidents cost U.S. companies $204 per compromised customer record in 2009, compared to $202 in 2008, according to a new study from the Ponemon Institute and security firm PGP.

    Even with an overall drop in the number of reported breaches (498 in 2009 vs. 657 in 2008), the average total per-incident costs in 2009 were $6.75 million compared to an average of $6.65 million in 2008.

    Highlights from the study include:

    •   Careless insider breaches have decreased in number and cost, most likely resulting from training and awareness programs having a positive effect on employees’ sensitivity and awareness about the protection of personal information. Additionally, 58 percent have expanded their use of encryption, up from 44 percent last year.
    •   Organizations are spending more on legal defense costs, which can be attributed to increasing fears of successful class actions resulting from customer, consumer or employee data loss.
    •   Average abnormal churn rates across all incidents in the study were slightly higher than last year (from 3.6 percent in 2008 to 3.7 percent in 2009), which was measured by the loss of customers who were directly affected by the data breach event (i.e., typically those receiving notification). The industries with the highest churn rate were pharmaceuticals, communications and healthcare (all at 6 percent), followed by financial services and services (both at 5 percent).
    •   Third-party organizations accounted for 42 percent of all breach cases, dropping from 44 percent of all cases in 2008. These remain the most costly form of data breaches due to additional investigation and consulting fees.
    •   The most expensive data breach event included in this year’s study cost a company nearly $31 million to resolve. The least expensive total cost of data breach for a company included in the study was $750,000.

    "In the five years we have conducted this study, we have continued to see an increase in the cost to businesses for suffering a data breach," said Dr. Larry Ponemon, chairman and founder of The Ponemon Institute.

    "With a variety of threat vectors to contend with, companies must proactively implement policies and technologies that mitigate the risk of facing a costly breach."
