Editor’s note: Ted Schlein is a general partner with Kleiner Perkins Caufield & Byers. Earlier in his career, he brought to market the first anti-virus software for commercial use at Symantec and also served as the founding CEO of Fortify Software, now an HP company.
Building a successful security software company is notoriously hard to get right over the long haul. Computer security is a fast-moving target. You still need anti-virus software, for instance, but it won’t necessarily keep you safe. The same is true for firewalls, and malware detection, and spam blockers, and various other security measures. For better or worse, there is never-ending opportunity here, as the good guys race to keep up with the bad guys.
It feels as though every day brings new national headlines about a cyberattack, an alarming trend that has piqued the interest and deep concern of plenty of U.S. organizations in both the public and private sectors. The latest iteration of an annual report, the “2014 U.S. State of Cybercrime Survey” [PDF], shows that these growing concerns have not necessarily translated into developing and deploying the proper defensive capabilities for preventing the next cybercrime disaster.
The report, which was cosponsored by PricewaterhouseCoopers, CSO Magazine, the U.S. Secret Service and the CERT Division of the Software Engineering Institute at Carnegie Mellon University, covers survey data from more than 500 executives from U.S. businesses, law enforcement and government agencies. The analysis concludes that despite some important efforts to build better cybersecurity regimes, organizations are still lagging behind the bad guys in tactical skills and technological capabilities.
Blame it on Target. Or Edward Snowden. But in case you haven't noticed, legal technology conversations lately aren't exactly obsessed with predictive coding. Instead, firms—and everyday citizens—are more likely to be discussing data breaches, cybercrimes, and concerns about confidential client information.
But according to a new survey by LexisNexis' Legal & Professional division, while law firms may be talking, they aren't doing very much about it. The company reports that 89 percent of the 300 legal professionals in 40 states and in 15 practice areas who were recently polled said their firms send confidential information to clients via unencrypted email—relying on a disclaimer at the bottom of the correspondence to serve as protection.
The average two-year tab for a data breach at a U.S. company in 2013 climbed to $5.85 million, an 8 percent spike from $5.4 million in 2012, according to a privacy and data security think tank's new analysis.
For each breached record, the businesses spent an average of $201, according to the Ponemon Institute's “2014 Cost of Data Breach Study: Global Analysis,” [PDF] released Monday. The cost per compromised record is higher at U.S. companies than at their counterparts in the United Kingdom, Germany and the seven other countries studied by the organization.
The 314 companies Ponemon reviewed paid out an average of $145 per breached record in 2013. Their typical expenses last year for a data breach were $3.5 million, a 15 percent uptick from about $3 million in 2012.
Protecting a company from data theft traditionally involves setting up a secure perimeter. But with computer crime growing in recent years, International Business Machines has a new approach: spotting threats before the crown jewels are stolen.
On Monday, IBM announced a new security product that it says uses data mining and “behavioral analytics” to keep out hackers.
Antivirus software generally looks for “signatures,” or code belonging to known viruses or other malicious software. One problem with this approach is that it is hard to keep ahead of all the new viruses getting cooked up. Symantec, which invented commercial antivirus software a quarter-century ago, now says such tactics are doomed to fail.