IBM study demonstrates necessity of cyber security efforts | ALC Training News

  • No comments

For many businesses a data breach may seem like something that only ever hits large enterprises, as the attackers are after sensitive records or financial information.

The truth is much more startling, however, with no company or sector safe from a data breach. Cyberattackers stand to gain a lot from a successful attack, whether it’s through selling on data or simply damaging the company for another purpose.

This past year saw the total number of attacks on US retailers drop, but the amount of stolen information climb. It’s time for businesses to start placing an emphasis on information security endeavours.

Understanding retailer attacks

There was a 50 per cent decline in the total number of cyber attacks against US retailers in 2014, according to a new study from computer company IBM.

While this may sound like an improvement over 2013, the actual number of stolen records is still high. In fact, even though the number of breaches actually dropped, attackers extracted 61 million records from US retailers.

IBM security researchers say this is evidence of “increasing sophistication and efficiency” when it comes to attacks. New methods mean cyber criminals can better plan their assaults on businesses, lifting greater quantities of information in fewer attacks. This is likely a preferable approach to carrying out many smaller breaches.

“The threat from organised cyber crime rings remains the largest security challenge for retailers,” said Kris Lovejoy, general manager for IBM security services.

“It is imperative that security leaders and chief information security officers in particular, use their growing influence to ensure they have the right people, processes and technology in place to take on these growing threats.”

Interestingly, cyber attacks slowed down on the two busiest American shopping days – Black Friday and Cyber Monday. The number of data breaches dropped by over 50 per cent from 2013 during the two days.

IBM noted that retailers and wholesalers were the top targeted industries in 2014, likely due to the substantial amount of customer information retained by these types of business. This quite a change from two years prior, where manufacturing took the top spot.

While businesses may understand why cyber attackers go after sensitive information, what actually happens following an attack?

The damage of a breach

Once attackers manage to breach a server and steal sensitive information, whether it’s credit card details or the personal data of customers, companies face a substantial degree of risk.

Firstly, there’s the threat of reputation damage, as customers will be less willing to place their trust in the IT systems of the company, knowing that a breach has occurred.

In competitive markets where other companies offer similar services, customers could easily jump ship.

There is also the financial risk of a cyber attack, as the business will need to both invest in new security systems to prevent attacks from occurring in the future and reimburse customers if necessary.

Following an attack, companies should address the breach by securing other systems, form a team to locate the source of the breach and put a fix in place and begin testing it.

Businesses should also take steps to notify customers of the attack and keep them informed of any ongoing developments.

How SABSA can help

If security systems are the wall against which cyber attacks push up against, then a strong security framework is definitely the supporting structure.

When staff can use a security architecture framework like SABSA to put strong systems in place and subsequently maintain them, ongoing security will be far easier.

Speak to ALC Training to get started with a highly capably security framework – one designed to ensure businesses are always prepared to implement strong security architectures.


ALC Training