According to a report by Trustwave, of the over 200 data breaches in 2009, only 9% were noticed by companies. Of that 9%, 80% were noticed by credit card companies. It is also worth noting that credit card companies have the best incentive to try to detect these breaches, with Avivah Litan, analyst with Gartner, stating that “When there is a breach against the retailer or processor, they don’t suffer direct losses; they only suffer losses after the card companies discover who they are and then force them to pay them back.”
It is also interesting to note that most of the data breaches, 70%, were detected by third-party vendors. With such a small percentage of detections when companies don’t use a third-party vendor, one must wonder why companies try to safeguard their data without some form of assistance. As noted by Dwayne Melancon, vice president of strategy for Tripwire, companies have so much data that understanding just what to pay attention to can get very difficult. And putting the nail in the coffin, as noted by Phil Neray, vice president of security strategy at IBM’s Guardium, too many of these organizations waste resources trying to build some form of compliance and reporting tools internally with scripts, native logging, triggers, etc. These tools are ineffective because they are usually not real-time or miss something in the massive amounts of transactional information in today’s corporate environments.