*** INTL647 *** Ass 1 Ass 2 and Ass 3 ***** Make sure 3 word document *****

Data Breach White paper

Institutional Affiliations

Name

Course details

Professors Name

Date

Introduction

For organizations that deal with critical information such as trade secrets, customer data and proprietary business data, the exposure to data breach is real today than it has ever been before. According to the report of Internet crime complaint center released in 2007 about 206,884 complaints regarding computer organized crimes including data breaches were filed online leading to a loss of about $239 million. However, according to expert information, only one in about seven such cases get reported to the authorities. This means that the accurate figures of cyber-crime and data breaches are roughly seven times more. In 2008 alone, more electronic data were breached compared to the previous four years put together (Baker et al., 2011).

The increased cases of data breaches should not catch us unawares. In the present age where data is almost everywhere, it is difficult today than ever before for companies to safeguard their confidential data. Sophisticated heterogeneous IT environments have made data management and protection harder and have posed challenges to the response of such threats. Yet the present day corporate operations rely on their security tools and teams in ensuring that there is sharing and collaboration by an increasingly mobile workforce for the purposes of security and safety. While data breach is something that is well documented, there is not much understanding on why data breaches happen and what action can be taken to stop them. This paper focuses on the reason why data breaches occur, the sources of data breaches and the way forward in combating the breaches.

The trends in causes of data breach

To be able to prevent data breaches, it is important to understand why they happen. According to the Verizon Business Risk Team (Baker,2009) and the Open Security Foundation (Analysis and Statistics,2018).

The major reasons why data breaches occur include targeted attacks, well-meaning insiders and malicious insiders. In most cases, combinations of these factors cause the breaches. For instance, targeted attacks become easy when well-meaning insiders fail to follow security policies which then cause breaches (Baker, 2009).

Well-meaning insiders

Organizational employees who breach policies inadvertently continue to represent the biggest threat. The Verizon report suggests that 7 per cent of the data breaches that happened in 2008 were as a result of significant errors by well-meaning insiders (Baker,2009).

Some of the mistakes they get involved in include

Data exposure on desktops and servers

The frequent proliferation of unprotected data sources such as desktops, servers, laptops has been cited as the natural outcome of a highly productive workforce. In most cases well-meaning insiders who are not aware or forget organizational security policies send, copy or store sensitive information unencrypted. When a malicious intrusion occurs, confidential files used or stored without encryption become exposed to such malicious attacks.

Stolen or lost laptops

According to the Ponemon study of 2008, stolen or lost laptops were the major cause of breaches which represented 35 per cent of the pooled organizations (Ponemon Institute, 2018). Typically in huge organizations, missing laptops occur frequently.

Webmail, email and removable devices

According to Symantec, about one in every 400 email messages do have unencrypted information which is confidential (Symantec,2018 ). These network transmission platforms create risks that lead to data loss.

Others scenarios that lead to exposure include third party data loss incidences and automatic spread of critical data.

Targeted attacks

In the present day connected world where data is almost everywhere with the possibilities of the perimeter being anywhere-protecting assets of information from sophisticated intrusion techniques is a highly difficult task. Motivated by the rising drive and tides of organized crimes, identity theft has become one of the reasons why data attacks occur. Computer organized crimes are a criminal offence that experts have agreed on that have just started stirring whereby criminals are becoming better equipped and smarter every day which forecasts even worst in the coming days.

The four stages of targeted attacks

Malicious insider

This comprises a growing portion of data breaches and seemingly a bigger portion of the cost to organizations.According to the Pomenon study, breaches due to the negligence cause a cost of $199 for every record whereas the ones occurring as a result of malicious intrusion cost $ 225 per record (Ponemon Institute, 2018).

Six things can be done to prevent data breaches, they include

1.) Stopping incursion from targeted attacks

2.) Threat identification through the correlation of global security intelligence and real-time alerts

3.) Proactive information protection

4.) Security automation through IT compliance controls

5.) Prevention of data exfiltration

6.) Integrating response and prevention strategies into security operations.

Conclusion

Data security is of critical importance to many organizations. The format in which many companies store their data is of concern taking the consideration of the big data and security concerns that many firms have to put into an account to ensure that there is no security breach in the operational and client data. The organizations that deal with critical data, such as hospitals, face the stiffest challenges since they have to ensure that confidentiality is maintained in the course of the storing data. The advent of cloud technology and the rise in the cybercrime cases has proven to be a challenge to many organizations. As such, there is a need to review the previous approaches in data security and further research the new findings that could be put into consideration to enhance data security. This paper points out the reasons as to why data breaches occur and what can be done to combat them.

References

Analysis and Statistics. (2018). Retrieved from https://blog.datalossdb.org/analysis/

Baker, W. (2009). A study conducted by the Verizon Business RISK Team 2009 Data Breach Investigations Report [Ebook] (1st ed.). Retrieved from http://www.verizonenterprise.com/resources/security/reports/2009_databreach_rp.pdf

Baker, W., Goudie, M., Hutton, A., Hylender, C. D., Niemantsverdriet, J., Novak, C., ... & Tippett, P. (2011). 2011 data breach investigations report. Verizon RISK Team, Available: www. Verizon business. com/resources/reports/rp_databreach-investigations report-2011_en_xg. pdf, 1-72.

Ponemon Institute 2018 Cybersecurity Report (Information). (2018). Retrieved from https://www.gosolis.com/blog/ponemon-institute-2018-cybersecurity-report-information/

Symantec Data Loss Prevention | Symantec. (2018). Retrieved from https://resource.elq.symantec.com/campaigns-data-loss-prevention