As of July 2014, a total of 10 million personal records were exposed as a result of cyber attacks, indicating a strong need for organisations to adopt a more strategic approach to safeguarding digital information.
That was one of the biggest takeaways from Trend Micro's second quarter security roundup report - Turning the Tables on Cybercrime: Responding to Evolving Cybercrime Tactics - which notes that cyber threats, data breaches and high-risk vulnerabilities continued to dominate the first half of 2014.
According to Trend Micro, the severity of these attacks against financial and banking institutions, as well as retail outlets, intensified in the second quarter.
It adds that the attacks affecting consumer's personal information included theft of data such as customer names, passwords, e-mail addresses, home addresses, phone numbers and dates of birth.
These types of personal privacy breaches have affected organisations' sales and earnings while leaving customers unable to access accounts and dealing with service disruption, Trend Micro notes. As a result, it adds, many countries have begun developing stricter privacy and data collection policies to deal with this problem.
The report also states that as of 15 July, 2014, more than 400 data breach incidents had been reported, creating the need for organisations to identify and understand their core data in order to protect and build an effective defence strategy to keep them secure.
Critical vulnerabilities hit different components of Internet-browsing and Web services, ranging from server-side libraries to computer operating systems, mobile apps and browsers, the report reveals. Co-ordinated vulnerability disclosure and patch releases, however, raised the urgency and awareness of issues surrounding most of the vulnerabilities disclosed this quarter.
Heartbleed was the most critical vulnerability uncovered to date, the report notes, adding that the bug paved the way for attackers to steal data such as passwords and credit card information from users conducting financial transactions via the Secure Sockets Layer protocol on vulnerable Web sites.
Trend Micro urges a change in mindset, suggesting organisations initially need to determine which information they regard as "core data" before devising a plan on how to protect it.
"Enterprises must treat information security as a primary component of a long-term business strategy rather than handling security issues as tertiary, minor setbacks," says Gregory Anderson, country manager at Trend Micro SA.
"Similar to having a business strategy to improve efficiency, a well-thought-out security strategy should also improve current protection practices that achieve long-term benefits. The incidents observed during this quarter further establish the need for a more comprehensive approach to security."
Share