A Good Year for Cyber Criminals, Bad Year for Companies – How Will 2015 Fare?

This week, CIO reported that nearly a billion records were compromised in 2014. It shouldn’t be surprising, considering there seemed to be a hack or breach every week, but to see the number written out is pretty shocking. The article calls out that in the first nine months of 2014, after 1,922 confirmed incidents, criminals managed to compromise 904 million records. Many of the incidents reported in 2014 were record setting, including 20 that resulted in the compromise of more than a million records each. Many experts, including the ones here at Triumfant, have been wondering – as companies are planning their budget allocations for 2015, will security finally receive the attention (and spend) it deserves?

We recently conducted a survey to gauge security spending in relation to budgets as a whole, and the data we got back spoke volumes. The survey of security/IT professionals addressed both security spending during the past five years and current budget spend when it comes to protecting a company’s assets, employees and customers. Organizations are more concerned than ever about the security of their companies, yet 85 percent of respondents said the total spend on IT security is less than 25 percent of their total budget (with 53 percent indicating it’s less than 10 percent).

Our CEO John Prisco notes, “We are at the point where there is a major hack or a breach each week, and it’s disheartening that companies are still not putting the resources behind security. Our findings showed that when it comes to marketing, only 78 percent say spend is less than 25 percent of budget. Moving into 2015 and using what we learned over this year, those marketing dollars would be better spent proactively protecting against a breach instead of being available to cover for one after the fact.”

Additional key findings include:

  • Thirty-five percent of survey takers are barely concerned, or not concerned at all, about a security breach.
  • While many still downplay their security concern, 56 percent of survey takers stated that budget for security resources increased during the past five years.
  • More than half (59 percent) of survey respondents also said they take cyber threats more seriously than they did five years ago.

So now what? From our perspective, it’s time to say good riddance to the “year of the hack” and hope that companies take the opportunity to allocate spending toward better protecting their assets in 2015.

Voting is Open for the 2015 SC Awards

The time is here to cast your vote for the industry’s most distinguished awards program. Voting is open for the 2015 SC Awards, which honor the professionals, companies and products that help fend off the myriad security threats confronted in today’s corporate world. This year Triumfant is up for nomination in two Readers Trust categories, including Best APT Solution and Best Managed Security Service. Winners in the Readers Trust categories are chosen by qualified readers and registrants of SC Magazine as well as end-users. Voters are asked to consider the functionality, manageability, ease of use and scalability of the product or service, as well as the customer service and support provided for it.

We’re always honored when Triumfant is recognized by the industry for the innovative work we’re doing in providing companies and government entities worldwide with continuous protection from advanced malware threats, but it means even more when our end-users, customers and partners validate our industry leadership. At Triumfant, our goal is ensuring that our customers have the confidence that their endpoint machines are secure, configured, and compliant and therefore ready for business in an increasingly hostile environment. If you believe that we have been successful in achieving this objective, we would appreciate your vote.

Please visit http://bit.ly/1oc3izs to see all nominees and cast your vote. Only subscribers to SC Magazine that are end-users have access to review and vote, but if you’re not an SC Magazine subscriber, subscribing is free. Voting ends November 17, 2014.

We thank you in advance for your help!

NYC Executive Roundtable October 23, 2014

Our CEO and President, John Prisco, is heading to NYC next week to join 14 other information security execs in discussing how to protect companies’ data from malware. The event will be moderated by the first CIO, Steve Katz, and will bring together top security executives in a roundtable to examine current strategies and concerns when it comes to next generation threats including targeted attacks, in-memory attacks, and zero day threats. These are issues that are not only producing big headlines, but also having a big impact on companies’ bottom lines. According to the Ponemon Institute’s 2014 report, the average cost of a data breach is $3.5M, which is up 15 percent from a year ago. With IT being asked to do more with less headcount and budget, enterprise security teams are struggling to protect network borders, endpoints, and other organizational assets.

Some of the specific points that John and the other panelists will be covering at the event on October 23 are:

  • Is the talk about increasing sophistication of malware real or hype?
  • How are you dealing with latest generation malware? How do you stay current?
  • Is detection the new prevention?
  • How do you explain malware risk to business management?
  • Does your company have any liability if your environment is compromised by malware that could have been detected?

Sound like an interesting roundtable topic or think your company may benefit from attending? Register here!

October is National Cyber Security Awareness Month – So where’s all the security?

October is National Cyber Security Awareness Month (NCSAM) but it appears that nobody has noticed based on the number of breaches we have witnessed since the beginning of the month. Let’s take a look at some of the most recent breaches that have garnered attention so far in October and what John Prisco, our CEO and President here at Triumfant, had to say about them:

  • Dairy Queen – On Thursday, Dairy Queen confirmed that nearly 400 Dairy Queen locations (and one Orange Julius location) were compromised by Backoff malware in August. When news of a potential breach first broke in August, Dairy Queen denied the breach initially but then began an investigation. Customers’ names, card information, and expiration dates were all accessed in the breach. Dairy Queen now believes that the malware has been contained, and the company’s website lists all affected stores as well as the dates of the attack. John spoke about the breach saying: “Would you like a breach with your sundae? Dairy Queen is another example of a company that is easy pickings for cyber criminals. There are a thousand more unprepared companies that will grace the front page of our newspapers over the next year. I scream, you scream, we all scream…pay with cash!”
  • JP Morgan Chase – While the story of this breach started in September, last week JP Morgan Chase confirmed that 76 million households and 7 million small businesses were impacted in a data breach in June and July. JP Morgan says that financial data—including account numbers, passwords, dates of birth, Social Security cards—was not accessed in the breach. Customers who use Chase.com, JPMorganOnline, Chase Mobile or JPMorgan Mobile may have had their contact information accessed, including names, addresses, phone numbers and email addresses. John spoke with eSecurity Planet on this matter: “Gone are the days when a tool like anti-virus was a good enough security solution and hopefully this serves as a proper wake-up call to the industry.”
  • AT&T – Also last week, Reuters reported that an employee at AT&T accessed personal information belonging to approximately 1,600 AT&T customers in August. AT&T informed these customers in a letter that their Social Security numbers, driver’s license numbers, and internal AT&T information were all potentially compromised by the employee, who has since been fired. AT&T is offering free credit monitoring services to customers, and recommends they change their account passcodes. After hearing about this, John said, “Anomalous behavior software is required to discover when an insider, while working on an endpoint computer, is ‘acting’ out of the norm. Until this type of defense is more broadly deployed, expect to keep seeing these headlines.”

While every month is National Cyber Security Awareness Month for us here at Triumfant, we think it’s an important initiative by the government and the security industry to work together to promote and spread awareness to those who may not be as vigilant about cyber security as they should be.

Even when we are not directly connected to the Internet, our critical infrastructure—the vast, worldwide connection of computers, data and websites supporting our everyday lives through financial transactions, transportation systems, healthcare records, emergency response systems, personal communications and more—is at risk. That’s why we are happy to support efforts to spread the word on helping us all become safer and more secure cyber-citizens.

For more information on National Cyber Security Awareness Month, visit Stay Safe Online.

CEO John Prisco to Talk Cybersecurity at Summits This Week

This week, our CEO John Prisco is making two stops on the East Coast to speak to the financial sector at the Billington Cyber Security Summit on Sept. 16, 2014 in Washington D.C. at the Capitol Hilton and the Wall Street Journal Cyber Security Summit on Sept. 18, 2014 in New York City at the New York Hilton.

At the Billington Cyber Security Summit on Sept. 16, John will participate as a panelist on “Breakout 4: Finance Sector and Cyber Security,” from 1:30-2:20 p.m. ET. Along with experts from Goldman Sachs and Northern Trust, he will be sharing his expertise on the latest cyber-threat intelligence sharing in the financial services industry and how the financial sector is coping with mobile and cloud security and the Internet of Things (IoT).

On Sept. 18 at The Wall Street Journal Cyber Security Summit, John will speak from 4:30-5:15 p.m. ET on a panel titled “Threats Facing Financial Institution & Global Markets.” The session will review ways to prevent and recover from serious attacks, protect private and confidential data and the emerging dangers organizations face as hackers are adapting and growing more dangerous.

We hope to see you there if you’re attending one or both of the summits!

Triumfant Lends its Expertise to Breaking News Stories on the Latest Cyber Attacks

Triumfant CEO John Prisco has been busy lending expert commentary to the media on recent cyber-attacks – at home and abroad. First up, news that Russian hackers stole 1.2 billion user names and passwords in a series of Internet heists affecting 420,000 websites. The Russian gang also amassed 500 million email addresses that could help them engineer other crimes.

The reported break-ins are the latest incidents to raise doubts about the security measures that both big and small companies use to protect people’s information online – asking companies: “are you as vigilant as you can be?”

John Prisco shares his thoughts with the Associated Press:

“The breadth of these break-ins should serve as a chilling reminder of the skullduggery that has been going undetected on the Internet for years. This issue reminds me of an iceberg, where 90 percent of it is actually underwater. That’s what is going on here… So many cyber breaches today are not actually reported, often times because companies are losing information and they are not even aware of it.”

Supervalu is the latest retail chain to reveal a payment card breach. The supermarket chain confirmed Friday (Aug. 15) that there was a payment card breach and consumer information may have been stolen from 180 Supervalu-affiliated stores across the United States. John Prisco shares his thoughts with Sean Michael Kerner of eWEEK:

John Prisco, president and CEO at Triumfant, also isn’t surprised and isn’t optimistic about retail security. “No one should be surprised about retail breaches,” Prisco said. “Retailers do not invest enough in cyber-security, and why should they? Consumers keep shopping at their stores.”

For a complete listing of Triumfant media coverage and news, visit: http://www.triumfant.com/news.asp

SINET Innovation Summit — July 17 in NYC

Triumfant CEO John Prisco is on the road again, speaking this week at the SINET Innovation Summit 2014 in New York City on July 17, 2014. Supported by the US Department of Homeland Security Science & Technology Directorate, the event connects Wall Street, Silicon Valley and the Beltway, bringing cyber security experts and business leaders together for the one-day event.

John will be a featured panelist during the 1:10 p.m. session “Big Data Solutions Rely on Security Analytics for Actionable Information Risk Intelligence,” moderated by L. William Varner, President, Cyber & Intelligence Solutions Group, ManTech International Corp. The panel will explore the processes and analytics that can better enable next-gen protection mechanisms and the landscape of existing limitations and current advances. Panelists will share real-world experiences and use cases describing successes that have been mounted when security operations teams are enabled with the right approach and not just the right tools.

We hope to see you at the event!
