Several high-profile security breaches made the headlines in 2014: Target, Home Depot, and Sony top the list. Most of us do not see the aftermath of these massive data breaches. Companies like Target are not only struggling to regain customer trust; recovering from the fallout and lost revenue may take years.
JPMorgan spends $250 million on computer security every year, yet other loopholes in its system left it vulnerable nonetheless. According to experts, companies still believe such attacks will not happen to them, and that denial is reflected in their budgets.
Ponemon’s recent study, “2014: Year of the Mega Breach,” reminds executives to allocate additional funds to their security budgets in light of recent events. DarkReading’s Sara Peters summarizes the results of the study as follows:
- Sixty percent of organizations have increased their security spending by one-third — but many security managers still don’t think that’s enough.
- Only 67 percent of respondents said that their organizations gave them sufficient budget to defend against data breaches, even after the Target incident. On a scale of 1 to 10, upper management’s concern about breaches increased from 5.7 to 7.8.
The report does not make it clear how much is being invested in new personnel. The majority of technology spending is going to endpoint security, intrusion detection systems, and security incident and event management (SIEM) systems.
Organizations also reported that they’d made operational changes to enhance breach security. Half said they’d begun new security training and awareness activities, and 56 percent established incident response teams.
“Businesses are clearly spending money to prevent cyberattacks, but data breaches still occur. There must be a balance between blocking threats and reducing the footprint of vulnerable, sensitive data,” said Todd Feinman, CEO of Identity Finder. “JP Morgan Chase spent over $250 million on cyber security last year, but still suffered from a significant data breach. The recent Sony cyberattack where millions of instances of Social Security numbers were found within hundreds of files is an unfortunate example of the damage that can occur when an attack gets through and organizations don’t properly store and classify sensitive information and don’t remove outdated or redundant data completely.”