It used to be that the biggest threat to corporate data breaches was simple incompetence. But even as the volume of malware remains roughly constant, the incidence and cost of malicious attacks on corporate networks are increasing.
Malware Contained? Google recently updated (http://googleblog.blogspot.com/2013/06/transparency-report-making-web-safer.html) its Transparency Report (http://www.google.com/transparencyreport/) to showcase fluctuating levels of malware and phishing. The good news is that while phishing sites have increased, malware seems to somewhat contained:
(http://readwrite.com/files/Malware%20-%20Google.png)
This will come as small consolation to enterprises, however, which are coping with a 614% increase in mobile malware exploits in the last year alone, according to a new report from Juniper Networks (http://www.marketwire.com/press-release/juniper-networks-finds-mobile-threats-continue-rampant-growth-as-attackers-become-more-nyse-jnpr-1805844.htm). Up to 92% of such malware has been targeted at Android, given its dominant market position.
While most of the malware remains targeted at retail consumers, sending fraudulent premium SMS messages, the report finds that "several attacks...could potentially be used to steal sensitive corporate information or stage larger network intrusions," giving hackers the ability to "use the mobile device to do reconnaissance and go deeper into the corporate network."
Unfortunately, this isn't simply a hypothetical problem.
Corporate IT Under Siege Even as IT departments and users have apparently become less prone to system glitches and negligence, according to a 2013 study by the Ponemon Institute and Symantec (http://blogs.hbr.org/cs/2013/06/the_escalating_cost_of_softwar.html) of 277 companies that experienced losses or thefts of protected personal data, the incidence of malicious attacks is rising fast.
(http://readwrite.com/files/maincausesdatabreaches.gif)
And while it's never been cheap to have hackers hit your system, the cost from malicious breaches is rising sharply.
(http://readwrite.com/files/costdatabreachesovertime.gif)
While all enterprises need to concern themselves with data breaches, the cost of infiltration increases significantly for highly regulated industries like Finance and Healthcare.
Raise The Barricades? What to do? It's simply not going to work to demand an entire enterprise use a particular phone - those days of Blackberry uniformity are over - and it's not clear that attacks mostly originate at the device level, anyway. Mobile devices are being used to infiltrate corporate networks, but much of the threat remains on the server side.
As the report finds, U.S. and U.K. companies received the greatest reduction in data breach costs by having a strong security posture, incident response plan and chief information officer appointment. The U.S. and France also reduced costs by engaging data breach remediation consultants.
In other words, while it's impossible to blockade all threats - the Ponemon Institute found that 51% of enterprises report getting hit with hourly attacks - a little vigilance goes a long way.
Image courtesy of Shutterstock (http://www.shutterstock.com).
ReadWrite