Symantec Government Online User Group

Last year, there were nearly 900 data breaches (more than in 2009 or 2010*), resulting in 31 million records breached**. And, as the number of reported breaches continued to rise, organizations paid a hefty cost for data breaches, according to this year’s Cost of a Data Breach Study. Some interesting facts from the 2011 study:

• The organizational cost of a data breach was $5.5 million
• The cost per lost or stolen record was $194
• Negligence was the root cause of 39 percent of the data breaches, while malicious attacks caused 37 percent of data breaches (up 6 points from 2010)
• For the first time, malicious attacks accounted for more than a third of breaches; they also remain the most costly type of breach at $222 per compromised record
• Data-stealing malware is the leading attack type at 50 percent
• The second most common type of malicious attack comes from within the organization; malicious insiders were involved in 33 percent of criminal attacks

So what does this mean for government agencies? With the continued migration of government applications to cloud environments, the access to secure sensitive information becomes available anywhere, at any time – drastically increasing the risk of an insider breach. Also, cybersecurity remains a critical issue on the Hill. With the government's increased adoption of mobile devices, many people are wondering what agencies can do to ensure their security policies are robust enough to keep up with the changing technology landscape.

Agencies can protect themselves by implementing information protection best practices and technologies to reduce the risk of data breach incidents. Consider some of these best practices to avoid data loss:

• Assess risks by identifying and marking confidential information
• Implement an integrated security solution that includes reputation-based security, proactive threat protection, firewall and intrusion prevention to keep malware off endpoints
• Deploy data loss prevention technologies which enable policy compliance and enforcement
• Implement two-factor authentication (Ex. VPN plus strong user name and password)

What do you think about the findings from this year’s report?