"It will surprise no one to hear that 2014 hasn't been a banner year for information security. As threats continue to expand in scope and become more sophisticated, with many reports of organized hacking rings rivaling history's most notorious criminal groups, it's tougher than ever to shield enterprises and the general public from cybersecurity compromises.
The seemingly endless list of data breaches is evident from picking up the newspaper and finding yet another report of an organization under duress or a customer base with its credit card information leaked. It's also supported by statistics - according to the Identity Theft Resource Center, which tracks data breaches, there have been 679 such incidents in the U.S. this year. That sounds like a lot, and it is more serious when compared to years previous - it's a 25.3 increase from the same time last year. It averages out to a new victim of a data breach every three seconds. There's still slightly more than a month left in 2014, and with the year's biggest e-commerce and retail period kicking into high gear, data breaches probably aren't over. It's no exaggeration to say, then, that 2014 might have been the worst year on record for data breaches.
No one would suggest that data breach avoidance has been crystallized in any way. Many organizations are taking a long time to mobilize their forces against cyberthreats, mired in resourcing, budgetary, hardware or personnel issues. Others just don't know where to start. On the other hand, enterprises are starting to make some serious inroads in combating the situational causes that can lead to breaches. So what does that mean for next year - are organizations able to develop insulation to cyberthreats, or is there greater disaster in store? Let's take a look at perspectives from both sides of this critical divide.
Information Security Threat: Red Alert?
In the face of this year's evidence, many are predicting more trouble on the horizon. A recent survey on information security by PWC highlighted the ""severe and present danger"" posed by cyber risks, mapping out the many factors that contribute to a lack of preparation by organizations to defend against cyberthreats and the myriad business practices that can leave companies more vulnerable than they need to be. It's something that affects enterprises at every level: Large companies are used to contending with assaults on the integrity of their systems and data - or at least they should be. Many have realized too late that they're not prepared.
Medium-sized organizations are experiencing a sharp rise in cybersecurity incidents, the PWC report found. Overall, such incidents have grown 64 percent. These organizations are often part of larger supply or business partner chains, which can leave them vulnerable to the fallout from attacks launched successfully elsewhere. All too often, they can metastasize. Obviously, organizations cannot avoid doing business due to cybersecurity risks, but they are often dealing with companies that may not hold themselves to the same standards. Small companies are also finding themselves with heightened risk.
""Small firms often consider themselves too insignificant to attract threat actors - a dangerous misperception. It's also important to note that sophisticated adversaries often target small and medium-size companies as a means to gain a foothold on the interconnected business ecosystems of larger organizations with which they partner,"" the report stated. ""This dangerous reality is compounded by the fact that big companies often make little effort to monitor the security of their partners, suppliers and supply chains.""
Prevention on the Rise? Some Organizations Hope So
It's clear that a lack of preparation is a systemic problem, with issues at multiple levels. However, not every projection has a pessimistic outlook. One recent survey by ThreatTrack Security found that there is confidence among cybersecurity professionals that they will be able to successfully prevent against data breaches and malware in the coming year, HelpNetSecurity reported.
Sixty-eight percent of respondents to the company's survey admitted that their companies are more likely to be hit with a cyberattack next year. Despite this, 94 percent stated that they will be better at quelling these attacks before they metastasize. Additionally, 95 percent think that business leaders will be more responsive to recommendations and strategies for improving security. Given that many companies have often struggled to ensure alignment between security professionals and leaders, this is definitely a step in the right direction."
