The cost of a data breach

A recent report by IBM has revealed interesting facts and figures on the current cost of a data breach. The report is of particular importance because it is the basis on which investment in cybersecurity can continue to be justified, all the more so given the growing attention on areas such as artificial intelligence and hybrid cloud. Below are some of the highlights from the report, alongside my thoughts.

The first key insight from the report, which cites data between March 2021 and March 2022, is that the average time taken to identify and contain a breach is 277 days. Worryingly, this statistic alone indicates that identifying and mitigating threats remains a challenge across the globe. In an industry where a difference of 24 hours could force an organization to close shop due to devastating financial loss, reputation damage, and even theft of intellectual property, 277 days is certainly far too long. Malicious actors organized into APTs have been emboldened by sophisticated tactics, techniques, and procedures that make it harder for victims to realize early enough that they have been compromised.

The challenge, then, is to keep losses to a minimum and discovery as early as possible, something that requires concerted efforts by governments and organizations. No wonder the report suggests the deployment of security AI and automation, extended detection and response (XDR) technologies, and functional incident response teams. In tandem, these measures can greatly reduce losses while improving detection times. For example, organizations deploying security AI and automation can save 74 days in detection, while those using XDR can improve response by 29 days. Similarly, engaging an incident response team and maintaining functional incident response plans can save organizations $2.66 million. Notably, the use of hybrid cloud environments can also reduce the cost of data breaches while helping identify and contain breaches 48 days earlier. Consequently, the report on the cost of data breaches suggests that organizations should adopt modern cybersecurity practices, including:

  1. Adopting a zero-trust architecture to reinforce security.
  2. Using extended detection and response tools for better incident detection and response.
  3. Formulating and testing incident response playbooks for a clear course of action.
  4. Conducting adversary simulations to gain an attacker's perspective and prepare better.
  5. Deploying SOAR technologies to improve automation and response time and to optimize threat intelligence.
  6. Adopting hybrid cloud capabilities to improve collaboration and efficiency.

Clearly, where it is commonly accepted that the question of compromise is not if but when, there is benefit in early detection and mitigation of data breaches. Take, for example, the Democratic National Committee attack, which stayed undetected and unmitigated for over a year. Don't you think that a better response, informed by initial suspicion and evidence of a possible network breach, would have saved the party the embarrassment of leaked emails and internal political intricacies?

These recommendations are applicable to every organization regardless of industry or size. For example, the adoption of zero-trust architecture could help avoid breaches such as the Colonial Pipeline ransomware attack, which was itself enabled by a VPN account that was no longer in use but still active, together with a leaked password. The healthcare industry, which continues to lead in data breaches, would especially benefit from the urgent incorporation of detection and response mechanisms.

If anything, the report shows that organizations must continue to use their resources to deploy modern cybersecurity infrastructure to avoid compromise of confidentiality, integrity, and availability of resources that enable business. Organizations have to do more to close the noted skills gap by sufficiently staffing and equipping their security departments. If not tackled via the adoption of dynamic and innovative best practices, the cost of breaches will certainly continue to soar amid growing adversarial capabilities.

It's unfortunate that 82% of data breaches are caused by the human element, according to the Verizon report of 2022. This is one reason why organizations should focus more on employee training and awareness to foster a resilient cyber culture and reduce the attack surface.
