How Cyber-Attacks Continue to Evolve, Despite Upgraded Security

Chris Preimesberger

It’s not always clear, or even measurable, who is responsible for a data breach on the enterprise side, but that doesn’t stop heads from rolling. The Sony hack notably exposed the raw thoughts of many employees, but the main casualty was Amy Pascal, who sat at the helm of the company’s film business. While her emails were far from the only ones uncloaked and her role removed from the IT department, her reputation took the biggest hit.

New attacks result in new impacts to businesses, and there’s a major difference across industries in how they measure the cost of hacks and their impact on relationships with customers. For the Targets and Sonys of the world, not only did the hacks have financial impacts, but they also affect intangibles such as consumer trust and brand image over time. Real costs associated with these intangibles—such as the reported $191 million taken from Target’s pocket—only reinforce the compound impact of breaches on business.

According to Juniper Research, data breach costs are forecast to increase beyond $2 trillion globally by 2019—nearly four times the estimated cost of breaches this year. Separate research from IBM and the Ponemon Institute sets the average cost of each data breach at $6.5 million. In considering what factors are at play, Juniper concludes the anticipated jump in data breach costs is attributed to fewer overall attacks on enterprises but more sophisticated and successful attacks on enterprise infrastructure. Among the hardest-hit industries are the banking and financial sectors, along with health care.

In 2014, a global survey by SafeNet found that nearly two-thirds of consumers said they would stop using or avoid dealing with a company that had experienced a data breach. The same goes for consumer or even personal brands when retaining loyalty. Take, for example, an athlete with a tarnished reputation, which instantly strips value from any brand he or she endorses. For example, Tiger Woods lost millions in sponsorship deals and fans when brands were quick to disassociate with him after his marital indiscretions. This is why businesses need to continuously evolve along with hackers and be proactive when embracing new security practices.

In industries where consumers can decide where to spend their money, a breach is likely to be much more significant than in industries that lack a competitive environment. Retail brands are in the market of choice and must engage customers with every touch-point online and off. Conversely, it’s a lot harder to switch health insurance providers if your employer only has one benefits program.

A recent survey of 200 corporate board members from Veracode and the New York Stock Exchange revealed that 40 percent would blame CEOs for breaches and most place accountability somewhere in the C-suite. Data security is the freshest line item at many board meetings and will only grow in significance as the innovation cycle continues to speed up and companies chart budgets for the years ahead.

Not only are hackers targeting individuals at the company level, but they are infiltrating email communications and accessing the depths of a company’s core, making this problem much more widespread and personal. Data resides on more devices and applications than ever. During the past five years, we’ve seen hackers shift from stealing people’s wealth to exposing their personal thoughts, emotions and opinions. Hackers are aware of this growing trend and are targeting personal information from fitness trackers and apps, wearable technology and anything connecting people with a digital pulse.

In 2013, IBM reported that 90 percent of the world’s data had been created over the past two years. Fast forward two years, we’re struggling with the challenges of protecting a tsunami of virtual information. With new strains of “sleeper” malware, such as ransomware, CryptoLocker and corporate doxxing, hacks today are destroying, deleting and corrupting sensitive corporate and personal data. For example, security vulnerabilities such as VENOM allowed attackers to compromise any virtualization platform, and the recent IRS data breach exposed 100,000 personal tax records.

As a result of this evolution, it’s imperative for businesses to address the problem facing every enterprise in the Information Age: Corporate data is everywhere. New-gen content-and-security solutions, such as Vera and others, protect business information no matter where it’s stored, and no matter how it’s shared. By attaching encryption, security and policy directly to the data itself, security practitioners and IT teams have the power to control data and information—no matter where it goes.