For corporations, the threat of data breach is more dangerous than ever--but, according to a new study, most companies still do not take the measures needed to keep their information secure, nor are they always up front with their customers about security breaches.
A recent study by McAfee, a vendor of cyber security products, took a look into the ins and outs of cybersecurity when it comes to protecting corporate data, outlining the difficulties companies face while securing information. McAfee, it should be noted, has a fiscal interest in seeing companies beef up their cybersecurity defenses as it sells services and tools that guard against data breaches. Their study, "Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency" surveyed over 1,000 senior IT professionals in the U.S., U.K., Japan, China, India, Brazil and the Middle East.
Despite the danger of losing corporate intellectual capital or customer information to cybercriminals, it appears that companies have not always been vigilant about trying to improve security, even following successful attacks. Of all the organizations that had experienced a data breach, only half undertook actions to fix and protect their systems from later break-ins. A quarter of companies assess the risks to their data twice a year, or less.
These breaches have come at a cost: the research found that a quarter of organizations had a merger/acquisition or new product roll-out slowed or even stopped by a data breach or the threat of breach. Perhaps as a result, in China, Japan, U.K. and the U.S., companies spend more than $1 million a day on their IT.
But not many companies actually report suffering data breaches. Three in ten firms report all data breaches, with the majority, or six in ten companies, "picking and choosing" what breaches they share. Recently, Mozilla expressed its regret over failing to disclose a breach involving stolen SSL certificates for sites including GMail, Skype, Yahoo Mail and more. The attack was suspected to involve the work of the Iranian government.
McAfee notes the report "also shows that organizations may seek out countries with more lenient disclosure laws, with eight in ten organizations that store sensitive information abroad influenced by privacy laws requiring notification of data breaches to customers." And the biggest hassle may be yet to come, as the rise of devices like tablets and smartphones presents an as yet unsolved challenge for locking down information securely.
Negligence could prove even more problematic in the face of changes in the way companies are storing data. Economic troubles have caused more and more companies to look into processing data outside of their native country, with half of companies surveyed indicating they would be open to doing so. Some countries are seen as safer than others when it comes to data storage. While Germany, the U.K. and the U.S. lead the pack for perceived safety, China, Russia and Pakistan are seen to be the least safe.