Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Cybersecurity 2014: Breaches and costs rise, confidence and budgets are low

George V. Hulme | Nov. 6, 2014
Following a year of high confidence in their enterprise security programs, CSOs were met with a tough year of stagnant budgets, an increasingly vulnerable Internet, and more successful attacks.

flooded
Credit: Thinkstock

In 2014, it seemed that no industry went unscathed. The data breaches this year were broad and deep. Software maker Adobe was hit for 152 million records. Online marketplace eBay was drained of another 145 million; Bank and financial services firm JP Morgan Chase 76 million; retailers Target and The Home Depot for another 70 million and 56 million records, respectively. There were numerous healthcare breach disclosures as well, such as at Community Health Services, which lost records on 4.5 million patients.

The attackers are getting creative and they are costing businesses big. In its October earnings call, eBay cited its data breach as one of the primary reasons for dramatically lower third quarter revenue growth. Earlier in October, security vendor Invincea released information on how attackers are targeting organizations in the defense and aerospace industry through highly targeted malicious advertising.

Despite it being yet another year of staggering data breaches, and as you'll see later from the 12th annual Global State of Information Security Survey 2015 conducted by PricewaterhouseCoopers and CSO, these breaches are costing enterprises more -- and information security budgets aren't keeping up with the threat. In some cases, they even have fallen slightly. It's as if security teams manage to make a small foothold against cyber attacks one year, and the next year they slide back.

2014's big cyber chill
Financially motivated breaches aren't all that continued to make their mark this year. International espionage-related hacking remained big in the headlines. Notably, the US government took unprecedented action in May when a Pennsylvania grand jury indicted five members of the Chinese military on felony hacking charges.

While largely lauded as a bold step, not everyone cheered the move. "This is probably the worst thing we could have done," said retired Lt. Col. William Hagestad II, author of the book Operation Middle Kingdom: China's Use of Computers & Networks as a Weapon System, in our story published earlier this year. "When we place them on the same wanted posters as jihadists and terrorists, we say that we don't understand them and are out of ideas. And if there was any relationship building in place, it was castrated with this dumb action," he said.

The result of that indictment played heavily, Hagestad contended, into the chilling of the trade ties between the US and China this year. Audi, GM, Volkswagen, and companies in the tech sector "are all now being investigated for fraud or malfeasance because of that [indictment] action," he said.

Executives take notice
The cybersecurity headlines and data breaches are having an impact on perceptions of security by executives. "Especially when executives see the fallout at the executive level," says Kenneth Swick, information security officer at Citi Group. "I am seeing higher budget allocations, and from the additional recruitment activity across industries I am absolutely certain that financial sectors are responding to all of this breach news."

 

1  2  3  4  Next Page 

Sign up for CIO Asia eNewsletters.