Data Breach Survival Guide
The cost of a Data Security Breach
As the number of Internet-connected devices skyrockets into the billions, a Data Breach Prevention Strategy is an increasingly important part of any organization’s ability to manage and protect critical and confidential information.
Since 2005, The Ponemon Institute has examined the cost incurred by organizations after experiencing a data breach. The results represent cost estimates for activities resulting from actual data loss and data security breach incidents. The risk and cost of a data breach continue to grow. The recent Ponemon Institute Cost of a Data Breach study found the average cost of a data breach to be $6.75 million with average cost per compromised record more than $200.
How does a Data Breach happen?
Research into the root causes of data breaches and security breaches, gathered from the State of Software Security Report, Verizon Business Risk Team and the Open Security Foundation, reveals three main types of data breach causes:
- Benevolent insiders
- Targeted attacks
- Malicious insiders
In many cases, breaches are caused by a combination of these factors. For example, targeted attacks are often enabled inadvertently by well-meaning insiders who fail to comply with data or security policies, which can lead to a data breach.
Guarding Against a Data Breach
Use this checklist as a quick reference tool to help protect your enterprise from a data breach and a security breach:
- Prevent data exfiltration. Data exfiltration is defined as the deliberate dissemination of sensitive information from an application to a third party via common data transmission methods
- Identify threats by correlating application security quality with global security intelligence
- Proactively protect information. An example of this is scanning all your applications for security holes
- Implement an application security policy across your company
- Stop incursions by targeted attacks
Veracode helps prevent Data Breaches
The gateway to your data is through your applications. Attackers know applications are the weak link in today's computer networks and they look for vulnerabilities in applications that provide access to sensitive data. Testing applications for security vulnerabilities reduces the risk of a data breach. Using Veracode as part of your Data Breach prevention strategy allows you to understand the weaknesses in your applications and provides a path to improving the overall security quality of all the applications running on your network and mobile devices.
Examples of critical and confidential data that applications can access include:
- Intellectual Property: source code, product design documents, process documentation, internal price lists
- Corporate Data: Financial documents, strategic planning documents, due diligence research for mergers and acquisitions, employee information
- Customer Data: Social security numbers, credit card numbers, medical records, financial statements
Protecting the security quality of your applications is an important step in any data breach strategy. Veracode provides security testing software and remediation that produces a prioritized report of flaws that can lead to data breaches. We then work with your developers to fix the flaws in accordance to your risk management policies.
Written by: Fergal Glynn