Cisco’s has just published its 10th annual data breach report, the Cisco 2017 Annual Cybersecurity Report: Chief Security Officers Reveal True Cost of Breaches And The Actions That Organizations Are Taking. IT security experts from Lastline and NuData Security commented below.
Brian Laing, VP of Business Development and Products at Lastline:
.
Don Duncan, Security Engineer at NuData Security:
“CISCO’s findings that 22% of breached organizations lost customers and a significant number of these companies lost 20% of their entire customer base is a sobering data point for any organization when considering whether to disclose a breach publically. Regulations may be coming that will force disclosures. Until that happens, with so much at risk it’s no wonder that breach numbers are vastly underestimated. The other important point to note with this finding is what we’ve all known for a while now –breaches are very impactful to customers and influence their loyalty. It’s not news that lost customers, revenue, business, and opportunities are part of the fallout from severe breaches, and this study can help many companies grasp the magnitude of what is at stake. What is new is how the attack vectors are changing; becoming more organized and nimble.
“Steadily increasing rates of account takeover (ATO) indicate that passwords and 2FA are hopelessly compromised following the enormous release of personally identifiable information (PII) from the surge of breaches. NuData’s research from its Trust Consortium has found that high-risk events more than doubled last year, with a 40% increase in login attacks. There was a staggering 600% increase in login anomalies, indicating that there has been a shift from credit-card fraud to login (account-based) fraud. Fraudulent account creation attempts also climbed to 60% versus 39% last year, and we’ve seen an alarming increase in scripted botnet activity that rose 412% from the previous period.
“Cloud applications, third-party apps, and other automation provides business opportunity leveraging customer convenience. Merchants and banks see a chance to increase revenues with these improvements, yet there is significant risk for organizations who require a way to intercept fraudulent automation while allowing whitelisted activity to pass through. Many solutions just aren’t that good at stopping fraudulent automation and also inject friction into the authentication process increasing rates of customer insult. Adding more friction poses a challenge for those companies such as finance, travel and rewards organizations who are dependent on repeat business and must reduce any friction at all costs to remain competitive.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.