Numbers reported in the media, and on government websites, regarding cyber security incidents in 2014 are mind-bending. Beginning early last January with the Yahoo.com Java exploit which delivered malware to around 300,000 visitors per hour, and ending in the massive attacks on Sony Pictures and PlayStation in December, millions of people were affected. As a result, 2014 was a record-breaker in terms of cybercrime. Like the virulent strain of Ebola that sent the world into crisis-mode last year, cyber attacks spread rapidly and mercilessly.
The recent Price Waterhouse Coopers (PWC) Global State of Information Security Survey reported a 48 percent increase in the number of cyber security incidents in 2014 over the previous year. According to the Ponemon Institute study, the annualized cost of U.S. cybercrime reached over $61 million in 2014, and persistent attacks cost companies an average of $36,000 per day to remediate, a 33 percent increase from 2013.
The irony is that security budgets fell by 4 percent in 2014, with security spending accounting for just 3.8 percent of overall IT budgets. Smaller companies (with less than $100 million in revenues) decreased security spending by 20 percent, while medium ($100 million -$1 billion) and larger companies (over $1 billion) increased budgets by a mere 5 percent.
The Ponemon report says that organizations that invested in strong security intelligence saved an average of $1.7 million and experienced a 30 percent ROI. By now it should be obvious that prevention is far less expensive than mitigation.
Mind-boggling numbers from 2014 include:
- At least 200 million credit cards compromised in the retail sector since 2013 (Home Depot, Michaels, etc.) (creditcardforum.com)
- 1.2 billion login credentials stolen by Russian Hackers from various websites; victims undisclosed (Hold security/New York Times)
- 500 million financial records stolen in the first six months of 2014 (USA Today)
- 4.5 million health records stolen from Community Health Systems by Chinese hackers (New York Times)
- 83 million customers affected by breach of JP Morgan Chase by a Russian gang (AP)
- 24+ critical U.S. weapon systems, the Office of Personnel Management, high-level think tanks, and White House servers compromised. (Washington Post)
- 50 targets in 16 countries infiltrated by hackers using back end vulnerabilities to gain remote access of transportation networks and airline systems. (ARS Technica)
2014 was the year that cyber security became dinner table conversation, but clearly many organizations have not received the message that a strong Military Grade network security system is affordable, easy to use, and quickly deployed.
As part of the greater cyber security community, EdgeWave constantly monitors and customizes security rules for over 6000 clients globally. EdgeWave provides Military Grade cyber security to companies large and small in all sectors, deploying the latest in automated protection backed by 24/7 human analysis to guard against Advanced Persistent Threats. Visit www.edgewave.com to find out how easy it is to secure your network.