The Magnitude of the 2014 Security Breaches was Underrated

According to Software Advice, Heartbleed created the potential for other breaches and poor internal network security is a real threat to businesses.


Here at SocialTimes, we’ve covered a lot of the security breaches and hacks throughout 2014. Indeed, there have been some sizable breaches this year, with the ongoing Sony saga featuring as one of the most publicized. However, as security breaches are reported on again and again, a great deal of hype can creep in. A report from research firm Software Advice looks at which trends were overrated and underrated this year.

Some have called 2014 the “year of the breach,” but last year was declared the year of the breach too, so it seems the experts and media are prone to hyperbole. However, 56 percent of experts surveyed by Software Advice believe that, even after all the media coverage, the “breachiness” of 2014 was still underrated.

Brian Foster, chief technical officer (CTO) at threat detection firm Damballa, declared the threat of breaches underrated, because we don’t get the full picture of breaches that don’t reach the press.

Foster told Software Advice:

[T]here are untold numbers of other breaches you never hear about because they don’t fall under notification requirements. As 2014 demonstrated, breaches are a common occurrence, and the challenges are likely to increase since the chances of cyber-criminals getting caught is low.

Heartbleed, one of the biggest security problems of the year, was also declared to be underrated by 55 percent of experts. According to Dr. Engin Kirda, co-founder of breach detection and response firm Lastline, Heartbleed was underrated because the data gathered while the vulnerability was in place could have led to many other breaches.

Kirda said:

It’s a really bad vulnerability that went undiscovered for so long and affected so many systems that it could have a security ripple effect for years. No one knows what damage was done, or continues to be done, as people don’t patch their servers. It’s possible that many security breaches—high-profile or otherwise—could have stemmed from this vulnerability, but we’ll never know.

Less than half of users protected themselves in the wake of Heartbleed, so it’s not hard to imagine that a significant number of technology professionals left vulnerabilities in their systems too. The biggest area of concern for experts was employees at tech companies themselves. 84 percent believe the threat posed by the workforce was underrated, and they may well be right.

The report also found that the “anti-virus is dead” meme has been greatly exaggerated. On the contrary, experts believed that mobile malware was an overrated threat, but the difference of opinion was only 50 percent to 43 percent, with 7 percent answering ‘Neither.’

Image courtesy of Shutterstock.