I recently took the time and effort to complete my HPE Sales Certification on Security Software Solutions, which naturally was quite illuminating in terms of how Data Security has become top of mind not only due to the highly publicized hacks that we have all heard about (Sony Movie Studios, IRS Fraudulent Refunds etc.) but also to the many breaches that are occurring constantly that no one is aware of.
Part of the courseware was a list of sobering facts on how often breaches occur and what impact they have on corporations (much like the general consumer), as well as how this could put those organizations in such a negative light in terms of reputation that recovery becomes that much more difficult should your data become exposed. According to HPE, these stats come from Gartner, Forrester and the Ponemon Institute (amongst others I would imagine) and provide a sample framework of what the new Cyber Crime “Bad Guys” are doing to your Data every single day:
- “Bad Guys” are spending 229 days inside your network BEFORE DETECTION
- 80% of Breaches occur at the Application Layer (many of these are Malicious Insiders)
- 56% of Organizations have been the target of a Cyber Attack
- It takes 45 Days to resolve a Cyber Attack on average
- Global Spend in 2015 was $77B, it is projected to be $120B in 2017 and $170B in 2020
- 8% of the Total IT Budget is spent on Security
- The Mean Annualized Cost of Cyber Crime per organization is $7.7M
There are certainly plenty more statistics that can be displayed here, but the whole point is that we are now experiencing a “New Normal” where the Cyber Bullies are getting more innovative and daring than ever before. Hacking and Cyberwarfare have become a rather lucrative business for these adversaries, as we are hearing stories of how Ransomware is effectively shutting down corporations who fail to heed many of these warnings and are locked out of their operations due to Hackers doing a better job of getting past the gatekeepers and obstacles that we thought would keep them out previously. We must now deal with the Assumption of Compromise by the “Bad Guys” in every aspect of how we handle our Corporate (and Personal) Data, especially as much of this information is trending to be moved to Public, Private and Hybrid Cloud Providers, another set of complexities that we didn’t have to deal with previously.
Ultimately we all need to understand that this “New Normal” is not static but constantly evolving, and that we must be prepared well beyond previous exercises of just protecting your perimeter and instead be protecting your organization at the core and application levels. You also need to consider encryption at every layer of your infrastructure so even your internal employees can’t walk about with the keys to your business should they decide to see what information has been left unsecured.
For those that have taken the proper precautions, my hat's off to you for being proactive. For those that are just starting to take a look at their next steps, we also salute you, and finally, for those that are not sure what to do, please contact me at Glen.Benjamin@DirecLogix.com and we can get started with an assessment of your current scenario with our Security Team and make some recommendations on what you should be doing to keep your Corporate Data out of the “Bad Guys” hands.