According to the latest research from Kaspersky Lab, the average cost of a data breach is going up. The security vendor commissioned a report that found the average cost of a data breach has surged by 24 per cent from last year and now amounts to $1.23 million for enterprises.
While high profile attacks such as last year’s Equifax hack and the destructive Heartbleed bug puts the onus on security tools, Rob Cataldo, the Vice President of Enterprise Sales for Kaspersky Lab North America said on the EChannelNews podcast there’s more to it than that.
Cataldo described a world where the lines between hackers are blurring. He said, most of the targeted attacks are nation state sponsored efforts; this only amounts to just 0.1 per cent of advanced attacks, while 9.9 per cent fall into the criminal category. But those too are highly organized efforts. These two groups are coming together now often making the enterprise more susceptible to advanced threats. As for the rest of the 90 per cent? End-point security is great for prevention or blocking of threats. However, large enterprises have more complicated infrastructures to managed. And, making things more complex is that fact that most of these organization are on or have started their digital transformation journeys.
“The challenge with digital transformation and security teams is that they are being blanketed with millions of notifications. We call this alert fatigue. The need to analyze. And, the challenge of finding all the anomalies without seeing the essential symptoms of the attacks,” Cataldo said.
Another issue is the talent shortfall. “There’s not enough people in the market place and security experts are difficult to find and expensive to hire. Organizations do not have the threat data and lack the true insights to help better understand the threat landscape through the lens of the adversary,” he added.
Kaspersky, through the leadership of Cataldo, is making a concerted effort to address these challenges in the enterprise space. Kaspersky has been operating in Canada and the United States for 14 years and in the last six of those years put a focus on enterprise accounts mainly targeting state and local governments.
Cataldo told EChannelNews that the company had to prove itself in these areas and now is looking to meet the demand of the enterprise with scalable solutions and features specifically for enterprises such as virtualization security that can be managed in one console.
The company has put forth an initiative to align its sales and marketing teams with the channel to take on large accounts as the threat landscape becomes more challenging.
Advanced threats such as non-malware, social engineering and supply chain attacks are just a few that enterprises should concern themselves with. Cataldo said that prevention only mechanisms will not be enough to block these highly sophisticated hacks.
“The notion that flattening or re-imaging machines do not get to the root cause of a threat. Nor does it prevent that same vector of attack. What’s exacerbating the problem is that companies continue to rely on IT or generalists to do threat analysis, or instant response or threat hunting.”
Also on the podcast, Cataldo talks about how the company is evolving its security portfolio beyond the end-point, security in the cloud and the business opportunity for channel partners.