Data breach threats of 2013

A recent study by Deloitte, titled Blurring the lines: 2013 TMT global security study, shows that 59% of Technology, Media, and Telecommunications (TMT) companies suffered a data breach.  88% of these companies do not believe that they are vulnerable to an external cyber threat such as hacking.  Rather, the three highest threats were:

  1. Employee errors and omissions
  2. Denial of service (DoS) attacks
  3. Security breaches by third parties

Employee errors and omissions

Awareness is a critical factor here, and Deloitte lists it as one of the top three security initiatives of 2013.  70% of TMT companies responded in the survey that employee mistakes were an average of high vulnerability.  The risks, as stated by Deloitte, include, “talking about work, responding to phishing emails, letting unauthorized people inside the organization, or even selling intellectual property to other companies.”  To counter this, companies are conducting awareness training, often through security firms with experience in the area, and creating materials that employees will see on a regular basis to remind them of their responsibility to protect the data they work with.

Denial of service (DoS) attacks

Denial of Service (DoS) attacks was also rated a high threat.  DoS attacks overload targeted information systems making them slow to respond to requests or taking them down entirely.  Due to the relative ease of conducting a DoS and the criticality of information systems to today’s businesses, it is no wonder that DoS makes the list.  These attacks are often triggered by saying something that irks a hacker group or by opposing a hacker group of their interests.  Organizations can protect themselves by monitoring the messages they are sending especially through social networking and by working out an incident response plan for handing a DoS attack that includes the public relations factors in addition to the technical ones.

Security breaches by third parties

Breaches by third parties are at the top of the listing party because the average company deals with so many third parties in the course of doing business.  In fact, 79% of respondents said the sheer number of third parties they deal with would be an average of high threat.  With so many third parties, it is difficult to determine if each has a sufficient level of security to protect adequately the data they work with and, as we all know, security is only as effective as the weakest link.  Organizations have responded by more thoroughly screening third parties and assigning them a risk rating for the type of data they will be working with through a process called vendor risk management.  The third party then needs to demonstrate security that is in line with the risk rating they have.  This process is required by regulations such as Sarbanes-Oxley Act (SOX), Payment Card Industry Data Security Standard (PCI DSS) and Health Information Portability and Accountability Act (HIPAA).

The threat landscape of 2013 continues to grow, and companies are tasked with more responsibility to protect the data they work with.  As can be seen from Deloitte’s survey, security awareness, denial of service and third party breaches are three major concerns for companies in 2013.  To protect themselves, businesses can conduct security awareness training, create incident response plans, and screen third parties who work with sensitive data.

Share Button

14 thoughts on “Data breach threats of 2013

  1. Nice post. I understand something extra challenging on distinctive blogs everyday. It’ll consistently be stimulating to read content from JurInnov’s security spotlight and the work you do looks very interesting. Great site.

    View Comment
  2. There are some interesting points in time in this article but I don’t know if I see all of them as the main priority this year for companies. There is certainly some validity but I don’t see companies taking them seriously.

    View Comment
  3. Right after I studied several of the weblog posts on your internet site I realized how important this information is. I genuinely like your way of blogging and I wanted to say thanks.

    View Comment
  4. I’m impressed, I should say. Genuinely rarely do I encounter a blog that’s both educative and entertaining, and let me tell you, you might have hit the nail on the head. Your list of data breach threats is outstanding.

    View Comment
  5. These are excellent points to bring up. I offer the thoughts above as general inspiration but clearly you will find questions like the one you bring up exactly where business is today.

    View Comment
  6. There are actually definitely plenty of details like that to take into consideration. I don?t know if companies are prepared for these threats but thank you for keeping us informed.

    View Comment

Leave a Reply