Upload File

cost of information systems security breaches · 2016. 4. 4. · average cost of a security breach...

  • Home
  • Documents
  • Cost of Information Systems Security Breaches · 2016. 4. 4. · Average Cost of a Security Breach Average Total Cost of a data breach 2014: $3.52 Million 2014: $3.52 Million Average
28
Cost of Information Systems Security Breaches • Saeed Karimabadi March 14, 2016 IT IS 5401- Foundation of IT Service Management Sprott School of Business

Upload: others

Post on 06-Oct-2020

0 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Cost of Information Systems Security Breaches · 2016. 4. 4. · Average Cost of a Security Breach Average Total Cost of a data breach 2014: $3.52 Million 2014: $3.52 Million Average

Cost of Information Systems Security Breaches

• Saeed Karimabadi

March 14, 2016IT IS 5401- Foundation of IT Service Management

Sprott School of Business

Page 2: Cost of Information Systems Security Breaches · 2016. 4. 4. · Average Cost of a Security Breach Average Total Cost of a data breach 2014: $3.52 Million 2014: $3.52 Million Average

Average Cost of a Security Breach

Average Total Cost of a data

breach

2014: $3.52 Million

2014: $3.52 Million

Average Cost of each Stolen

record:

2014: $145 per record

2015: $154 per record

• IBM report on Cost of Security Breach , May 2015

IT Security Breach Cost - Sprott School of Business - ITIS 5401 IT Service Management 2

Page 3: Cost of Information Systems Security Breaches · 2016. 4. 4. · Average Cost of a Security Breach Average Total Cost of a data breach 2014: $3.52 Million 2014: $3.52 Million Average

Data Breach Victim Demographics - 2015

Public Services

Information Services

Financial Services

IT Security Breach Cost - Sprott School of Business - ITIS 5401 IT Service Management 3

• Data from Verizon’s 2015 Data Breach Investigations Report

Page 4: Cost of Information Systems Security Breaches · 2016. 4. 4. · Average Cost of a Security Breach Average Total Cost of a data breach 2014: $3.52 Million 2014: $3.52 Million Average

Data breaches cost per capita and GDP

The average per capita cost of data breach:

US : $217

Germany : $211

Brazil : $78

India : $56

Data breaches cost the most in the US and

Germany and the lowest in Brazil and India.

IT Security Breach Cost - Sprott School of Business - ITIS 5401 IT Service Management 4

Page 5: Cost of Information Systems Security Breaches · 2016. 4. 4. · Average Cost of a Security Breach Average Total Cost of a data breach 2014: $3.52 Million 2014: $3.52 Million Average

Organizations Data Security

Brazil and France:

Least Secure Organizations

• Organizations in Brazil and France are more likely to have a data breach

Germany and Canada:

Most Safe Organizations

• Organizations in Germany and Canada are least likely to have a breach.

I T S e c u r i t y B r e a c h C o s t - S P R O T T S c h o o l o f B u s i n e s s 5

Page 6: Cost of Information Systems Security Breaches · 2016. 4. 4. · Average Cost of a Security Breach Average Total Cost of a data breach 2014: $3.52 Million 2014: $3.52 Million Average

Breach Discovery – Primary Challenge

• It contrasts how often attackers are able to compromise a victim in days or less (orange line) with how often defenders detect compromises within that same time frame (teal line).

• Indicating a growing “detection deficit” between attackers and defenders.

IT Security Breach Cost - Sprott School of Business - ITIS 5401 IT Service Management 6

• Data from Verizon’s 2015 Data Breach Investigations Report

Page 7: Cost of Information Systems Security Breaches · 2016. 4. 4. · Average Cost of a Security Breach Average Total Cost of a data breach 2014: $3.52 Million 2014: $3.52 Million Average

Possible Outcome of a Security Breach

IT Security Breach Cost - Sprott School of Business - ITIS 5401 IT Service Management 7

• Damaged Intellectual Property: Blue prints, designs

• Revenue Lost: Downtime

• Theft: Bank Information, Transfer codes

• Vandalism: False or discrediting information

• Loss of customers : Lose customers trust

• Damage to business reputation

• Compliance obligations

• Government investigations

• Civil litigation

Page 8: Cost of Information Systems Security Breaches · 2016. 4. 4. · Average Cost of a Security Breach Average Total Cost of a data breach 2014: $3.52 Million 2014: $3.52 Million Average

Key Costs to A Data Breach

IT Security Breach Cost - Sprott School of Business - ITIS 5401 IT Service Management 8

Page 9: Cost of Information Systems Security Breaches · 2016. 4. 4. · Average Cost of a Security Breach Average Total Cost of a data breach 2014: $3.52 Million 2014: $3.52 Million Average

Cost Components

IT Security Breach Cost - Sprott School of Business - ITIS 5401 IT Service Management 9

Page 10: Cost of Information Systems Security Breaches · 2016. 4. 4. · Average Cost of a Security Breach Average Total Cost of a data breach 2014: $3.52 Million 2014: $3.52 Million Average

Hidden Costs

IT Security Breach Cost - Sprott School of Business - ITIS 5401 IT Service Management 10

Page 11: Cost of Information Systems Security Breaches · 2016. 4. 4. · Average Cost of a Security Breach Average Total Cost of a data breach 2014: $3.52 Million 2014: $3.52 Million Average

Increasing Cost of Data Breach

• Cyber attacks have increased in frequency and in the cost to remediate the consequences.

Attacks Frequencies

• The consequences of lost business are having a greater impact on the cost of data breach.

Lost Business Cost

• Data breach costs associated with detection and escalation increased.Detection Cost

IT Security Breach Cost - Sprott School of Business - ITIS 5401 IT Service Management 11

Page 12: Cost of Information Systems Security Breaches · 2016. 4. 4. · Average Cost of a Security Breach Average Total Cost of a data breach 2014: $3.52 Million 2014: $3.52 Million Average

Recent Major Data Breaches

12IT Security Breach Cost - Sprott School of Business - ITIS 5401 IT Service Management 12

Page 13: Cost of Information Systems Security Breaches · 2016. 4. 4. · Average Cost of a Security Breach Average Total Cost of a data breach 2014: $3.52 Million 2014: $3.52 Million Average

JP Morgan Chase data breach 2014

IT Security Breach Cost - Sprott School of Business - ITIS 5401 IT Service Management 13

Largest bank in the United States

World's sixth largest bank by total assets.

Over 83 million accounts

76 million households (approximately two out of three households in the US )

7 million small businesses.

JPMorgan spend $250 million on computer security every year.

Page 14: Cost of Information Systems Security Breaches · 2016. 4. 4. · Average Cost of a Security Breach Average Total Cost of a data breach 2014: $3.52 Million 2014: $3.52 Million Average

Sony PlayStation Security Breach 2011

IT Security Breach Cost - Sprott School of Business - ITIS 5401 IT Service Management 14

Page 15: Cost of Information Systems Security Breaches · 2016. 4. 4. · Average Cost of a Security Breach Average Total Cost of a data breach 2014: $3.52 Million 2014: $3.52 Million Average

Sony Pictures Hack 2014

IT Security Breach Cost - Sprott School of Business - ITIS 5401 IT Service Management 15

Damage:

$1.25 billion from

• Lost business

• Various compensation costs

• New investments

100 terabytes of data was stolen containing:

• Personal information about Sony Pictures’ employees and their family

• E-mails between employees

• Information about executive salaries

• Copies of unreleased Sony films

System availability denied, degraded

Lawsuits

Brand damage

Page 16: Cost of Information Systems Security Breaches · 2016. 4. 4. · Average Cost of a Security Breach Average Total Cost of a data breach 2014: $3.52 Million 2014: $3.52 Million Average

Staples Data Breach 2014

IT Security Breach Cost - Sprott School of Business - ITIS 5401 IT Service Management 16

Stolen Data

• Cardholders names, card numbers, expiration dates and card verification codes of 1.16 million customer credit and debit cards used at 119 Stapled locations in 35 American states

Long Breach Discovery

• This data was stolen over a period of up to Six months.

Consequences

• Caused the resignation of the company’s CEO during mid-2014

• The attack cost financial institution $200 million

• Profit fell 46 percent in fourth quarter of 2013

Page 17: Cost of Information Systems Security Breaches · 2016. 4. 4. · Average Cost of a Security Breach Average Total Cost of a data breach 2014: $3.52 Million 2014: $3.52 Million Average

Adobe Data Breach 2013

IT Security Breach Cost - Sprott School of Business - ITIS 5401 IT Service Management 17

Stolen Data

• 38 million passwords, 3 million credit card records and source code to several programs.

Quick response

• Being a Silicon Valley-based tech company, was clearly ready to contain the damage even though its security measures had failed.

Page 18: Cost of Information Systems Security Breaches · 2016. 4. 4. · Average Cost of a Security Breach Average Total Cost of a data breach 2014: $3.52 Million 2014: $3.52 Million Average

eBay Cyber Attack 2014

IT Security Breach Cost - Sprott School of Business - ITIS 5401 IT Service Management 18

• Stolen Data• Personal Data of 233 million registered account

• Poor Response to Crisis• The company failed to send out a mass email in

a timely manner to customers

• It waited two weeks instead of one to notify investors and customers.

Page 19: Cost of Information Systems Security Breaches · 2016. 4. 4. · Average Cost of a Security Breach Average Total Cost of a data breach 2014: $3.52 Million 2014: $3.52 Million Average

Reduce Cost of Data Breach

19IT Security Breach Cost - Sprott School of Business - ITIS 5401 IT Service Management 19

Page 20: Cost of Information Systems Security Breaches · 2016. 4. 4. · Average Cost of a Security Breach Average Total Cost of a data breach 2014: $3.52 Million 2014: $3.52 Million Average

Executive Level Involvement

• 79 percent believe that executive level involvement is necessary.

Executive Involvement

• 70 percent believe board level oversight is critical.

Board Level oversight

As evidence, CEO Jamie Dimon personally informed shareholders following the JPMorgan Chase data breach that by the end of 2014 the bank will invest $250 million and have a staff of 1,000 committed to IT security

Executives opinion:

IT Security Breach Cost - Sprott School of Business - ITIS 5401 IT Service Management 20

Page 21: Cost of Information Systems Security Breaches · 2016. 4. 4. · Average Cost of a Security Breach Average Total Cost of a data breach 2014: $3.52 Million 2014: $3.52 Million Average

How to Reduce The Cost

• Board involvement and the purchase of insurance can reduce the cost of a data breach. Board Involvement

• The loss of customers increases the cost of data breach. Loss of Customers

• Notification costs remain low, but costs associated with lost business steadily increaseNotification Cost

• Time to identify and contain a data breach affects the cost.Time to Identify The Breach

• Business continuity management plays an important role in reducing the cost of data breach.Business Continuity

IT Security Breach Cost - Sprott School of Business - ITIS 5401 IT Service Management 21

Page 22: Cost of Information Systems Security Breaches · 2016. 4. 4. · Average Cost of a Security Breach Average Total Cost of a data breach 2014: $3.52 Million 2014: $3.52 Million Average

Information Security Basics: The CIA Triad

IT Security Breach Cost - Sprott School of Business - ITIS 5401 IT Service Management 22

• Confidentiality, integrity and availability, also known as the CIA triad, is a model designed to guide policies for information security within an organization.

• Balances the competing requirements of confidentiality, integrity and availability with equal emphasis on each.

Page 23: Cost of Information Systems Security Breaches · 2016. 4. 4. · Average Cost of a Security Breach Average Total Cost of a data breach 2014: $3.52 Million 2014: $3.52 Million Average

What To Have In Place Prior To A Compromise

• Create an action plan on what to do if you are breached.

• Practice that plan periodically.

• Have a list of all relevant contacts, emails, numbers, etc.

• Potential agreement with forensic firms already prepared.

• Identify all third parties that touch, store or transmit card data on your behalf.

• Be familiar with your vendor agreements to understand your/their responsibilities in regards to PCI compliance and breach notification.

IT Security Breach Cost - Sprott School of Business - ITIS 5401 IT Service Management 23

Page 24: Cost of Information Systems Security Breaches · 2016. 4. 4. · Average Cost of a Security Breach Average Total Cost of a data breach 2014: $3.52 Million 2014: $3.52 Million Average

What To Do If Compromised

1. Notify the incident internally

2. Assemble a response team

3. Investigate the incident

4. Determine whether the incident constitutes a reportable breach

5. Contain the breach and mitigate harm, to the extent possible

6. Notify affected persons, Law enforcement, Government and Media

7. Respond to inquiries

8. Improve processes to avoid future data breaches

IT Security Breach Cost - Sprott School of Business - ITIS 5401 IT Service Management 24

Page 25: Cost of Information Systems Security Breaches · 2016. 4. 4. · Average Cost of a Security Breach Average Total Cost of a data breach 2014: $3.52 Million 2014: $3.52 Million Average

Data Security Regulations

25IT Security Breach Cost - Sprott School of Business - ITIS 5401 IT Service Management 25

Page 26: Cost of Information Systems Security Breaches · 2016. 4. 4. · Average Cost of a Security Breach Average Total Cost of a data breach 2014: $3.52 Million 2014: $3.52 Million Average

Regulatory compliance & state codes

Texas Business & Commerce

Code

FISMA

• NIST SP 800 – 122

• FIPS 200

HIPAA / HITECH Act

Payment Card Industry (PCI)

IT Security Breach Cost - Sprott School of Business - ITIS 5401 IT Service Management 26

Page 27: Cost of Information Systems Security Breaches · 2016. 4. 4. · Average Cost of a Security Breach Average Total Cost of a data breach 2014: $3.52 Million 2014: $3.52 Million Average

Texas Business and Commerce Code

• Sec. 521.052 BUSINESS DUTY TO PROTECT SENSITIVE PERSONAL INFORMATION.

(a) A business shall implement and maintain reasonable procedures, including taking any appropriate corrective action, to protect from unlawful use or disclosure any sensitive personal information collected or maintained by the business in the regular course of business.

• Sec. 521.053 NOTIFICATION REQUIRED FOLLOWING BREACH OF SECURITY OF COMPUTERIZED

“…shall disclose any breach of system security, after discovering or receiving notification of the breach, to any resident of this state whose sensitive personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The disclosure shall be made as quickly as possible,…”

IT Security Breach Cost - Sprott School of Business - ITIS 5401 IT Service Management 27

Page 28: Cost of Information Systems Security Breaches · 2016. 4. 4. · Average Cost of a Security Breach Average Total Cost of a data breach 2014: $3.52 Million 2014: $3.52 Million Average

Payment Card Industry (PCI)

Anyone who stores, process, or transmits credit card data must be PCI compliant

Common PCI validation requirements Report on Compliance (ROC)

Self-Assessment Questionnaire (SAQ)

Letter of Attestation

Quarterly PCI scans

Sample PCI Data Security Standards Requirements Annual Penetration Testing (DSS 11.3)

Security Awareness Training (DSS 12.6)

Quarterly PCI scans (DSS 11.2)

IT Security Breach Cost - Sprott School of Business - ITIS 5401 IT Service Management 28


The Role of Early Detection for Breach Prevention · 2018-02-10 · appear to be growing in severity. The average breach, for example, has risen to $165 per record, as stated in the

Introducing The Vanguardian In this edition...The global cost of data breach decreases. The average cost of data breach decreased 10 percent and the per capita cost decreased 2.9 percent

The GDPR - Breach Notification and Global Breach Response

Stealthwatch - Cisco · Network threats are getting smarter Industry average detection time for a breach Industry average time to contain a breach Average cost of a data breach Motivatedand

Breach, breach, breach…

3.52 Solution

PRODUCT PERFORMANCE RATING - KAISAI...EFFICIENCY AVERAGE W55 Pdesignh Average W55 5.70 kW SCOP Average W55 3.52 ηs Average W55 138.00 Page 5 PRODUCT PERFORMANCE RATING

TRANSFORM YOUR IT SECURITY IN 3 STEPS · recent study, the average total cost of a data breach increased from $3.52 million to $3.79 million in just one year.2 For organizations that

Global Data Breach Notification Laws: Meeting Requirements ... · According to the latest Cost of a Data Breach Study: Global Analysis, the average total cost of a data breach for

$3.5M The average cost of a data breach to a company 243 The average number of days that attackers reside within a victim’s network before detection 76%

Data Breach Response Guide - International Association of ... · The cost of a data breach can average $214 per compromised record1. Multiply that by the hundreds or thousands –

A broker guide to selling cyber insurance · average cost of a data breach globally at approximately $4 million. 1 INCIDENT MANAGEMENT CYBER THREATS ... Mandatory Data Breach Laws

Brief introduction to General Average 20th May 2014 Intro to GApptx.pdf · Essential Features ... Bond, Average Guarantee, Cash Deposit, ... guarantee of payment if vessel in breach

ICO BREACH REPORTING IN NUMBERS - Redscan › media › ICO-Breach_infographic2019_V8.… · ICO BREACH REPORTING IN NUMBERS The research identifies ... Days On average, Financial

Miss Jarrelljarrellmnps.weebly.com/uploads/8/6/3/3/86337132/p1... · Weight 2-52 .7 3.52 7. The table shows the average weights of some endangered mammals. What Is the weight of each

Preparing for a Data Breach - Systems Engineering · 2020. 4. 10. · data breach. $148 average cost per lost or stolen record. 27.9% likelihood of a reoccuring material breach over

Miss Jarrell - Homejarrellmnps.weebly.com/uploads/8/6/3/3/86337132/p3... · Weight 2-52 .7 3.52 -ILI 7. The table shows the average weights of some endangered mammals. What Is the

SVC Manual(Exploded View)friedrich.gear.host/documents/dss/960-920-11_1_EX_VIEW_M...Cooling COP - 3.52 3.52 3.16 EER - 12.0 12.0 10.8 SEER - 18.0 18.0 20.0 HSPF 9.7 - - Power Supply

General Data Protection Regulation - Groveidentify a data breach is 201 days and the average time to contain a data breach is 70 days. This requirement does mean that companies will

PROTECT AGAINST A DATA BREACH & ADDRESS PCI DSS …€¦ · According to the 2016 Cost of Data Breach Study: Global Analysis, the average cost of a breach to a company was $4 million

2018 Cost of Data Breach Study - Trustmarque · Significantly reduces the cost of a data breach. Without BCM involvement, the average cost of a data breach was $157 per record. With

Data Breach Strikes - Nerds & Geeks Unite Breach Trends – Health Care 96% of Health Companies Surveyed had a Breach • Average of 4 over past 2 years • 46% had more than 5 in

2011 Cost of Data Breach Study: Germany · The total average cost of data breach over four years is shown in Figure 2. The total cost of data breach increased very slightly from €3.38

preventing the next data breach - MicroAge · data breach resolution; loss of goodwill and customer churn. Recent research cites the average total cost of a data breach as $4 million

D&O Insurance Insights - Allianz D&O Insurance Insights 15 D&O Insurance 2016 Average claim value for breach of trust/ fiduciary duty €1m+ Average claim value for non-compliance

Respond, Recover, Thrive to a Cyber Breach Channel Islands ...€¦ · Data Breach Figures 2020 projection * Average total cost of a data breach $3.92M Cost per lost record $150 By

3.52 Chapter 03 VBScript

Productivity in the construction industry 33 Productivity in the... · labour productivity of 3.52 per cent, the average for construction was a healthy 4.81, up to a ... Productivity

security - s24551.pcdn.co€¦ · Average total cost of data breach 383 Increase in total cost of data breach since 2013 Average cost per lost or stolen record Increase in per capita

Security Breach Notification Laws/media/files/pdfs/Weils_Security...A data breach can result in massive exposure for businesses. According to a recent study, the average cost of a

prismic.io · 2020-03-17 · Average total cost of a data breach $3.92M Average size of a data breach Cost per lost record $150 25, 575 records Time to identify and contain a breach

GOV UK · REPORTING BREACH £1.15m AVERAGE COST OF SECURITY BREACH Source: 2014 Information Security Breaches Suwey sponsored by the Department for Business, Innovation and Skills

2015 Cost of Data Breach Study: Global Analysis Global CODB FINAL … · The cost of data breach varies by industry. The average global cost of data breach per lost or stolen record

Privacy Breach vs. Security Breach

Cybersecurity: Legal Perspectives · The average cost of a data breach in the study was . $6.5 Million. The average cost per stolen record has increased from $201 last year, to