Lack Of Information Security Training And Skills To Protect Network Security Could Cost Organizations Millions

Massive data breaches can occur when organizations overlook their network security. The Epsilon breach may have affected 75 companies, or 3% of Epsilon's customers, and the estimated number of affected e-mails in the Epsilon breach stands at 60 million.

The recent data breach at Epsilon, an e-mail marketing services company, could cost the company as much as billion according to a worst-case scenario outlined in a recent report.

According to CyberFactors, given that the compromised e-mail addresses could be used by phishers to gain access to sites that contain consumers' personal information, the total cost of the Epsilon breach – including forensic audits and monitoring, fines, litigation and lost business for provider and customers – could eventually run as high as billion to billion.

Regina Clark, Research and Analytics Director for CyberFactors, stated that "While the attractiveness of the cloud model is hard to refute, the economics of business risk for cloud providers and their customers can no longer be ignored".

She added, "With the cost of technology failures rising at an accelerated rate, the Epsilon event suggests a much more profound financial risk environment is now upon us. Cloud companies would be wise to think more like banks, insurance companies and hedge funds, and not just aggregators of the world's precious data and technology dependencies."

The largest data breaches so far include up to 130 million credit card numbers stolen from Heartland Payment Systems in 2008, up to 100 million accounts from retailer TJX in 2005 and 2006, and more than 4.2 million credit and debit card numbers from the grocery chain Hannaford Bros. in 2008.

Meanwhile, Sony announced on April 26 that information from 77 million PlayStation Network user accounts could have been stolen, and added another 25 million compromised accounts to the list on May 2. The newly added accounts belong to its online multiplayer division, Sony Online Entertainment (SOE). Experts say hackers stole personal data, including credit and debit card information, in a complex attack that could cost Sony and credit card issuers to billion.

The recent data breaches have also affected the loyalty and satisfaction of Sony's customers. "The point is you took our money and didn't secure our credit card and personal data. I'm not even sure how you can possibly make up for that," said a post by a user under the name 'rawstory'.

Some users said they would be unwilling to register their credit card details in the future. A PlayStation user under the name 'leucoplast' said, "Personally, I am never placing my CC (credit card) info in your hands again, and if I ever buy anything off the PSN (PlayStation Network) it will be through pre-paid cards."

Sony shares fell as much as 5 percent a few days ago as concerns mounted about the impact of the breach. Analysts said the leak would weigh on investor sentiment. "At minimum, having to suspend the service, fix its problems and deal with the aftermath, looks set to cost (Sony) tens of billions of yen," said analyst Nobuo Kurahashi of Mizuho Investors Securities.

These reports indicate that online attacks are becoming more common. Companies and organizations need to implement robust information security initiatives, including a proficiently skilled IT security workforce, in order to avoid cyber attacks and security breaches. IT security professionals can increase their information security knowledge and skills by embarking on advanced and highly technical training programs. EC-Council has launched the Center of Advanced Security Training (CAST) to address the deficiency of technically proficient information security professionals.

CAST will provide advanced technical security training covering topics such as advanced penetration testing, Digital Mobile Forensics, Cryptography, Advanced Network Defense, and advanced application security, among others. These highly sought-after and lab-intensive Information Security training courses will be offered at all EC-Council-hosted conferences and events, and through specially selected authorized training centres.