Skip to main content
close search
site logo
Dive Brief

Breaches set to taper off in 2018, but deep rooted vulnerabilities remain

Published Aug. 7, 2018
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Getty Images

Dive Brief:

  • After two years of a rising number of cyber breaches, 2018 is on pace to taper off, according to Momentum Cyber's most recent mid-year cybersecurity review. There have been 668 known breaches in the first part of this year and if that rate continues, there would be 1,336. There were 1,093 in 2016 and 1,579 in 2017. Importantly, the report cites a 10% decrease in data breach-related costs, down to $3.62 million over the past year.

  • The almost 302,000 open cybersecurity jobs are also a contributing factor to the rise in breaches. And although there are about 768,000 employed cybersecurity professionals, less than two-thirds of breaches are detected by an internal notification; the rest, nearly 40%, are found by an external notification.

  • Prior to GDPR's May 25 deadline, in 2016 companies invested $5.1 million in data privacy. From year-to-date in 2018, investments rose to $132.7 million.

Dive Insight:

CIOs can rejoice that it costs less to deal with a data breach, but experts agree it's not a matter of "if" and attack or breach occurs, it's "when."

The dilemma facing tech organizations involves the current job market. Does a CIO fill more jobs to combat a problem that is largely identified from outside sources? Or would having more workers increase the odds that breaches are discovered internally? And are those same employees making attack vectors easier for bad actors through social media, applications and mobile devices?

To ward off the increase in data breaches, data encryption has become a cornerstone of security, but employees who bring shadow IT into the workplace may be ignorant to these security measures.

The more autonomous departments and employees get, the more IT they take on independently and free from central IT's authorization. This creates a void in security.

However, IT departments "treating shadow IT as a cancer and trying to kill everything" will not correct a company's underlying issues, said Patric Palm, CEO of Favro, in an interview with CIO Dive. The sense of freedom non-IT departments feel when customizing applications is from the cloud.

The cloud can lay an unintentional welcome mat for attackers. For example, AWS S3 buckets have been at the root of data leaks from the Department of Defense, WWE and Verizon, and this is largely because attackers are focusing on cloud-based storage and online repositories.

To address the issue with internal detection, organizations need to put a data curator in place to oversee and have control over data asset inventory. And most easily, organizations should use the tools readily provided for them by major cloud vendors. These services include automatic services that can crawl through buckets looking for personally identifiable information a company may have collected.

Recommended Reading

Filed Under: Security

Editors' picks

Company Announcements

View all | Post a press release
Traceable Releases 2025 State of API Security Report: API Breaches Persist as Fraud, Bot Attac…
From Traceable AI
October 30, 2024
Blackpoint Cyber Launches Global Partner Program and Enablement Platform Emphasizing a Focus o…
From Blackpoint Cyber
October 30, 2024
NeuBird Named a Cool Vendor in the 2024 Gartner® Cool Vendors™ in IT Operations Leveraging Gen…
From NeuBird
November 11, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell