FBI officials revealed this week that more than 500 million financial records have been stolen as a result of security breaches in the last 12 months. Even more startling, the vast majority of those files, 439 million, were taken in just the last six months. Robert Anderson, executive assistant director of the FBI's Criminal Cyber Response and Services Branch, likened it to being able to rob 15,000 banks while sitting in your basement.
Officials speaking at a cybersecurity summit hosted by the Financial Services Roundtable noted that America's financial sector is among the most targeted in the world, USA Today reported. According to speakers at the event, the largest portion of the stolen records was accessed through website breaches, with 33 percent of the files taken this way. Another 22 percent of files were lost due to cyber espionage and 14 percent through malware infections of point of sale terminals.
Nearly 110 million Americans – equivalent to half of all adults in the U.S. – have had some amount of personal data exposed in the past, according to FSR president Tim Pawlenty. Pawlenty also noted that almost 80 percent of the organizations that suffered breaches didn't know there was an intrusion until alerted by an outside source, raising concerns about the security measures currently utilized by American businesses.
"Enterprises are now coming to a conclusion that they are either already compromised, or will soon be," Seculert CTO Aviv Raff said in an interview with FierceITSecurity. "It's not a matter of 'if', it's a matter of 'when.' The breach shows the necessity of moving from trying to prevent an attack to try and detect and respond as quickly as possible."
Joseph Demarest, assistant director of the FBI's cyber division, echoed Raff's sentiment, saying that all companies will be hacked eventually so the faster a security plan is in place, the better.
Steps toward increasing data security
A main theme during the summit was the need for Congress to pass effective cybersecurity legislation to provide law enforcement officials with greater authority to track down and prosecute cybercriminals. Currently, such a bill has passed the House, but has yet to make it through the Senate. Another bill that has been approved by the Senate allows the Department of Homeland Security to more easily hire IT professionals with cybersecurity experience.
"Our government and our businesses are in a daily fight against hackers," said Pawlenty. "It's getting increasingly concerning, and it needs to be met with action by Congress."
While strides are being made to create stronger and more effective cybersecurity legislation, the fact remains that companies are still at risk every day. For most enterprises, cybersecurity is not a core competency, and it can be time consuming and complicated to put reliable defense procedures in place to protect sensitive data. Luckily, security information and event management services are available for enterprises that aren't sure how to best protect their networks. A concierge SIEM solution provides companies with around the clock monitoring of enterprise networks and systems, watching for any suspicious or anomalous behavior. All security event information is collected and analyzed in order to provide businesses with actionable data that can be used to create a stronger defense strategy.