Cybersecurity Roundup: Scary Stats, Vade Secure, eSentire and Forcepoint
With Halloween just around the corner, lots of people are looking for chills, whether through watching scary movies or visiting haunted attractions.
But the real terror lies in cybercrime, where cybercriminals never sleep and you never know if or when a data breach will make your life a nightmare.
Need proof? Check out these terrifying statistics:
- Data breaches exposed 2.8 billion consumer records in 2018, costing U.S. organizations more than $654 billion, according to research by ForgeRock. Personally identifiable information (PII) was the most targeted data for breaches in 2018, accounting for 97% of all breaches, with unauthorized access encompassing 34% of all attacks.
- Some 3.4 billion fake emails are sent every day, while 90% of large tech companies are vulnerable to email spoofing, according to Valimail.
- Companies are spending an average of $18.4 million annually on cybersecurity, yet 53% of IT experts admit they don’t know how well the cybersecurity tools they’ve deployed are working, according to an AttackIQ/Ponemon Institute study. Only 41% of respondents said their IT security team is effective in determining and closing gaps in IT security infrastructure, while 75% said their IT security team is unable to respond to security incidents within one day.
- Some 38% of the 2019 Fortune 500 do not have a chief information security officer (CISO), and once data breaches hit, it took an average of 46 days for the companies’ stock prices to return to their pre-breach levels, according to Bitglass research. Only 12% of enterprises are consistently able to detect insider threats stemming from personal mobile devices, including those that are off premises or lack agents, it said.
We spoke with some of these companies to find out what’s behind these scary statistics.
Ben Goodman, senior vice president of ForgeRock, said the opportunities that emerge with consumer PII are seemingly endless. Once PII is compromised, it can easily make its way to the dark web where it can be used for identity theft, synthetic identity creation and robotic account takeovers, he said.
“While enterprises continue to invest heavily in information security products and services to defend against threat actors, they are struggling to neutralize cybercriminals’ abilities to exfiltrate consumer PII,” he said. “It is essential that enterprises critically evaluate their identity and access management (IAM) strategies, practices and solutions to ensure they are adequately protecting their users’ PII.”
At a minimum, enterprises need to consider MSSPs and cybersecurity providers that provide modern, intelligent authentication methods that move beyond simple username and password, and provide fine-grained authentication to protect and secure resources, Goodman said. This needs to be a top priority for enterprises of all types and industry sectors as cybercriminals show no sign of slowing down, he said.
Stephan Chenette, AttackIQ’s co-founder and CTO, tells us organizations must have in place a solution that continuously assesses the viability of their security controls to make sure that they are enabled, configured correctly and operating effectively to thwart attacks and prevent data leakage.
“Cybercriminals are continuously looking for gaps in security defenses and overlooked basic security misconfigurations,” he said. “Channel partners provide enormous value in offering trusted recommendations to enterprises on their security needs, and the AttackIQ platform helps these providers determine specific needs of their customers and continuously validate whether new and existing security controls in customer environments are operating as intended.”
Jacob Serpa, Bitglass’ senior product marketing manager, tells us some organizations have a misguided belief that they are not likely to be a target for hackers and, consequently, assume that they don’t have to worry about cybersecurity as much as …