“Venturing” to Expose Critical Reasons for Breaches

Posted July 6, 2015

Published Annually, Venture Capital Firm KPCB’s Most Recent Study, “Internet Trends 2015,” Explores Data Breach Causes

Identified by the Wall Street Journal as one of the “largest and most established” venture capital firms in Silicon Valley, Kleiner Perkins Caufield & Byers (KPCB) has backed any number of successful companies from Amazon to Google. Mary Meeker, who authored the study, focuses on investments in KPCB’s digital practice and helps lead the firm’s Digital Growth Funds, targeting high-growth Internet companies that have achieved rapid adoption and scale.

No one has to tell you that cyberattacks are growing in size, complexity and the risks they pose to companies, their customers, reputations, and employees. “Internet Trends 2015” examines the dangers to the enterprise from insiders with malicious intent to having too few trained security professionals defending the network.

The following has been excerpted from “Internet Trends 2015” and edited to fit our format. You may find the complete study by clicking on this link.

More than 20 percent of breaches come directly from insiders with malicious intent

In most breaches, attackers have a foothold inside internal networks and spread or steal data through privilege abuse and credential misuse.

Mobile devices are increasingly used to harvest data

Adware grew 136% to 410,000 apps between 2013 and the first three quarters of 2014. This gave attackers access to personal information such as contacts, which could subsequently be used to launch phishing attacks.

Mobile device management is critical in preventing breaches

Twenty-two percent of breaches reported by network security decision makers involved lost or stolen devices.

Human focus is vital for preventing and remediating attacks

Despite an abundance of security products, breach response typically takes months. Four out of five organizations don’t update their breach response plans to account for a changing threat landscape and corporate processes. With proper technology, threat intelligence and expertise, detection to response times has been reduced by more than 90 percent.

Security skills are the biggest gap in enterprise security programs

Despite large investments in security technologies, lack of skilled experts continues to result in breaches. At least 30 percent of organizations cite a “problematic shortage” in each of these areas:

1) cloud computing and server virtualization security skills

2) endpoint security skills

3) network security skills

4) data security skills

5) security analytics and forensic skills.

Breach disclosures come from outside sources

In 69 percent of breaches, victims did not detect attacks on own – they were notified by third parties (media, law enforcement, etc.). This forced victims to disclose breaches outside their preferred terms and timing.

ThreatMetrix

ThreatMetrix

close btn