Detecting and containing a data breach takes the better part of a year, approximately 280 days, for the average organization, according to IBM’s 15th annual Cost of a Data Breach Report. Unfortunately, the longer it takes to identify a breach, the bigger the price tag of the overall breach lifecycle.
This year’s report found that more than half (52%) of breaches are the work of malicious actors. Of those, 13% of breaches are reportedly caused by nation-state attackers. The findings also revealed that more attackers are using compromised credentials and leveraging cloud misconfigurations to gain access to organizations’ networks.
Interestingly, “the average total cost of a data breach declined slightly in this year’s report, from $3.92 million last year to $3.86 million this year,” but the report cautioned that this slight reduction is not indicative of a plateau. Rather, “our study appears to show a growing divide in data breach costs between organizations with more advanced security processes, like automation and formal incident response teams, and those with less advanced security postures in these areas.”
The report noted, “Four process-related activities drive a range of expenditures associated with an organization’s data breach: detection and escalation, notification, post data breach response and lost business.” Mitigating those costs demands a defense-in-depth approach, but that doesn’t mean organizations should spend freely. There is no silver bullet that will make any organization impenetrable, but there are smart ways to invest that will reduce the overall cost of a data breach.
Time to detection matters and significantly impacts the overall cost: “Businesses that had not deployed security automation saw an average total cost of $6.03 million, more than double the average cost of a data breach of $2.45 million for businesses that had fully deployed security automation.” Additionally, threat intelligence sharing tools can lower the average cost of a data breach by $202,874.
Companies need to have visibility into their most critical threats, but security information and event management (SIEM) and user behavior analytics (UBA) don’t go far enough. These tools detect many intrusions, but they don’t always detect when a legitimate user has been the victim of a phishing attack that resulted in a malicious actor gaining authorized access to the environment.
Layering these tools with a platform that provides real-time threat intelligence of “confirmed compromises” is an important strategy for reducing the time to detection and speeding up the incident response process. Prevailion’s own intelligence platform shows many active corporate breaches that have remained undetected for many months, in spite of the organization’s size and likely budget allocation for cybersecurity. While budget size certainly matters, it is important for organizations to spend that money wisely, and improving their time to detection is critical for reducing the overall cost of future breaches.