3) Simple mistakes create more security breaches than malicious attacks. Even the most well-trained IT staff are human. While most organizations rightly worry about assaults on their data from hackers stealing data for profit, the reality is that a simple misconfiguration can also expose sensitive or regulated data. The breach notification laws don't care about who is at fault: if it's your unencrypted data that was exposed, you bear the cost and responsibility for notifying your customers or clients.
Again - the potential for bigger breaches or catastrophic datacenter disasters is much higher in virtualized environments. The cloud is built for agility, which means entire applications can be spun up, cloned, paused, or deleted in a matter of seconds. It is crucial that you implement controls and policies to ensure that privileged users - or those who gain their credentials - are prevented from doing damage.
The cost of breaches is increasing
Research by the Ponemon Institute about the cost and volume of data breaches noted that the 56 companies they surveyed experienced 102 successful attacks per week, with a median annualized cost of $8.9 million. Both the number of attacks and the cost continue to trend upward each year.
The definition of a breach is also changing. Judges who determine the cause for class action lawsuits have also broadened how they define damages. InfoSecurity Magazine commented on the skyrocketing costs of legal damages and attorney's fees associated with data breaches, and the impact this is having on companies.
So, as you look forward to next year, what does your 2014 'perimeter' look like? If it looks more like lacy Swiss cheese than a concrete fortress, then it's time to evolve your organization's approach to security.