The 2023 edition of IBM’s annual “Cost of a Data Breach” report once again surfaces some noteworthy trends. That breaches are expensive is hardly news at this point. What is more interesting is how differently organizations respond to the risk, and which technologies actually help to reduce the cost of a worst-case scenario for IT teams.
The average cost of a breach rose again, to $4.45 million, a 15% increase over the past three years. Detection and escalation costs rose 42% over the same period. Against that backdrop it is surprising that only 51% of the breached organizations IBM studied planned to increase their security investments, despite the rising cost of dealing with a breach.
Breach cost statistics make interesting reading, but can analyzing the trends actually save money? Organizations want to know where to spend their security budget and which solutions give the best return on investment. Fortunately, the report contains plenty of data worth digging into. Nobody can guarantee results for your bottom line, but the sections below point to areas where you can reduce risk and, if a breach does happen, reduce its cost.
Consider your industry-specific risk
Healthcare was the most expensive industry for data breaches for the thirteenth consecutive year, at an average of $10.93 million, nearly double the next most affected industry, Finance, at $5.9 million. Notably, costs also rose in the energy and industrial sectors. And breaches are not only a large-enterprise problem: organizations with fewer than 500 employees saw their average breach cost rise to $3.31 million in 2023, up from $2.92 million and $2.95 million in the two preceding years.
Cybercriminals do not pick targets at random. They know which industries handle sensitive data and which are growing quickly, and they weigh a company’s size against the strength of the defenses they expect to meet. It pays to look at your own organization from an attacker’s perspective: what would they want, and how hard would it be to get?
Take a healthcare organization: can the systems protecting patient health data be trusted? Are access controls strong enough to stop fraudsters from obtaining credentials? Penetration testing and red teaming can surface both the weaknesses you expected and the ones you did not.
Detect stolen credentials quickly
Even with a strong password policy in place, you should assume that employee passwords, strong passphrases included, will eventually be compromised. Phishing (16% of breaches) and stolen or compromised credentials (15%) remained the two most common initial attack vectors, and both were among the four costliest, at $4.76 million and $4.62 million respectively. The other two in that group were malicious insiders, behind 6% of breaches at an average cost of $4.90 million, and business email compromise, behind 9% of breaches at an average of $4.67 million.
Mandatory security awareness training can change user behavior, raise cyber awareness and stop some phishing attempts. Strong multi-factor authentication (MFA) limits the damage from stolen credentials, at least where only the password has been exposed. But end users will not spot every phish, and MFA is not foolproof either. So how do you tell that employee credentials have been compromised despite these controls?
A third-party tool integrated with Active Directory can add control and visibility here. Specops Password Policy, for example, includes a Breached Password Protection feature that continuously scans for compromised passwords and notifies affected users by email or SMS as soon as their password appears in Specops’ database, which currently holds more than 3 billion unique compromised passwords.
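The mechanism behind a breached-password check is worth seeing in code. The example below is added here and is not Specops’ code or the report’s: it implements the k-anonymity range protocol used by the public Pwned Passwords API, in which only the first five hex characters of the password’s SHA-1 digest leave the host and the matching is done locally against the returned hash suffixes. The range response embedded in the block is a constructed fixture (one suffix is the real SHA-1 tail of the string “password”; the other suffixes and all counts are made up), so the check runs offline; the live fetcher is included for real use.

```python
"""Breached-password screening with the k-anonymity range protocol.

Hash the candidate password with SHA-1, disclose only the first 5 hex
characters of the digest to the service, and compare the returned
35-character suffixes locally. Neither the password nor its full hash
is ever sent.
"""
import hashlib
import urllib.request
from typing import Callable, Dict

PREFIX_LEN = 5  # hex characters of the SHA-1 digest disclosed to the service


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the UTF-8 password (the corpus is keyed on SHA-1)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def parse_range_response(body: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}.

    The service can pad responses with decoy suffixes whose count is 0 to
    hide the true response size; those are dropped. Malformed lines are
    ignored rather than trusted.
    """
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or len(suffix) != 40 - PREFIX_LEN or not count.isdigit():
            continue
        n = int(count)
        if n > 0:
            counts[suffix.upper()] = n
    return counts


def breach_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """Return how often the password appears in the corpus (0 = not found).

    `fetch_range` maps a 5-character prefix to the raw range body; injecting
    it lets the same check run against the live API or an offline fixture.
    """
    digest = sha1_hex(password)
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


def fetch_range_live(prefix: str) -> str:
    """Query the real Pwned Passwords range endpoint (network access required)."""
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"User-Agent": "breached-password-check-example",
                 "Add-Padding": "true"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


# Constructed offline fixture. The third suffix is the genuine SHA-1 tail of
# "password" (full digest 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8); the
# other suffixes and every count are invented for this example, including a
# padding entry with count 0.
FIXTURE_RANGES: Dict[str, str] = {
    "5BAA6": (
        "1D2DA4053E34E76F6576ED1DA63134B5E2A:2\n"
        "1E2C2C6B4A4F0F6BA9A5B2A71C6A5BB5E4D:0\n"
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:9545824\n"
        "1F07A2A2C1E3F0C7DE1B13D3D1B4AE6D5B8:1\n"
    ),
}


def fetch_range_offline(prefix: str) -> str:
    """Offline stand-in for the API; unknown prefixes yield an empty range."""
    return FIXTURE_RANGES.get(prefix, "")


if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple"):
        hits = breach_count(candidate, fetch_range_offline)
        verdict = f"seen {hits} times, reject" if hits else "not in corpus"
        print(f"{candidate!r}: {verdict}")
```

Swap `fetch_range_offline` for `fetch_range_live` to screen against the real corpus; the request still only carries the five-character prefix, so the service learns nothing usable about the password. In a directory integration the same check would run at password change time and, as with the continuous scanning the passage describes, be re-run periodically as the corpus grows.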
Efficient incident response saves money
Breach detection has barely improved: the average organization still takes more than 200 days to identify a breach. That also shows that gaining a foothold and then moving laterally through the network remains a standard attacker playbook. Once a breach is identified, containing it still takes more than 70 days on average, so disaster recovery and contingency planning deserve more investment as well.
Detection and internal network controls need strengthening, not just the perimeter. Only one-third of breaches (33%) were identified by the organization’s own security teams or tools. Another 27% were disclosed by the attackers themselves, and 40% were discovered by a third party such as law enforcement.
Early detection pays off. Organizations that identified a breach within 200 days paid $3.93 million on average, compared with $4.95 million for those that took longer. Fortunately, tooling helps here: organizations using threat intelligence identified breaches around four weeks faster than those that did not. According to the report, organizations with a well-designed incident response plan saw breach costs 61% lower, $2.66 million below the global average.
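The “land, then move laterally” pattern the two paragraphs above describe has a recognizable footprint in authentication logs: one account opening network logons to an unusual number of distinct hosts in a short window. The block below is an added example, not code from the IBM report or this article, showing one such internal detection over a small constructed log. The line format (`timestamp user= src= dst= type=`), the account and host names, the ten-minute window and the five-host threshold are all assumptions chosen for the example; real Windows 4624 events would need their own parser, and the threshold would be tuned per environment.

```python
"""Lateral-movement fan-out detection over authentication logs.

Flags an account that reaches more than `max_hosts` distinct destination
hosts via network logons (type 3) inside a sliding time window. Interactive
logons are ignored, and an account that touches many hosts slowly over a day
is not flagged, only a burst is.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, NamedTuple, Tuple


class Logon(NamedTuple):
    when: datetime
    user: str
    src: str
    dst: str
    logon_type: int


def parse_logon_line(line: str) -> Logon:
    """Parse the constructed format:
    '2023-09-14T02:10:05Z user=alice src=ws-17 dst=fs-01 type=3'.
    Raises ValueError/KeyError on malformed input rather than guessing."""
    ts, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return Logon(
        datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        fields["user"], fields["src"], fields["dst"], int(fields["type"]),
    )


def detect_fan_out(events: List[Logon], max_hosts: int = 5,
                   window: timedelta = timedelta(minutes=10)
                   ) -> List[Tuple[str, datetime, int]]:
    """Return (user, time, distinct_hosts) once per burst in which a user's
    network logons reach more than `max_hosts` distinct hosts within `window`."""
    alerts: List[Tuple[str, datetime, int]] = []
    recent: Dict[str, Deque[Logon]] = defaultdict(deque)
    in_burst: Dict[str, bool] = defaultdict(bool)  # suppress repeat alerts
    for ev in sorted(events, key=lambda e: e.when):
        if ev.logon_type != 3:  # only network logons indicate movement
            continue
        q = recent[ev.user]
        q.append(ev)
        while q and ev.when - q[0].when > window:  # slide the window
            q.popleft()
        hosts = {e.dst for e in q}
        if len(hosts) > max_hosts:
            if not in_burst[ev.user]:
                alerts.append((ev.user, ev.when, len(hosts)))
                in_burst[ev.user] = True
        else:
            in_burst[ev.user] = False
    return alerts


def analyze(log_text: str, **kwargs) -> List[Tuple[str, datetime, int]]:
    """Parse a log blob and run the detection; kwargs pass through to detect_fan_out."""
    events = [parse_logon_line(l) for l in log_text.splitlines() if l.strip()]
    return detect_fan_out(events, **kwargs)


# Constructed sample log: alice behaves normally, carol touches six file
# servers but one per hour, bob sweeps eight hosts in a few seconds.
SAMPLE_LOG = """\
2023-09-14T02:00:05Z user=alice src=ws-17 dst=fs-01 type=3
2023-09-14T02:20:11Z user=alice src=ws-17 dst=mail-01 type=3
2023-09-14T02:45:40Z user=alice src=ws-17 dst=fs-02 type=3
2023-09-14T03:10:00Z user=bob src=ws-22 dst=ws-22 type=2
2023-09-14T03:10:02Z user=bob src=ws-22 dst=fs-01 type=3
2023-09-14T03:10:03Z user=bob src=ws-22 dst=fs-02 type=3
2023-09-14T03:10:03Z user=bob src=ws-22 dst=ws-04 type=3
2023-09-14T03:10:04Z user=bob src=ws-22 dst=ws-05 type=3
2023-09-14T03:10:05Z user=bob src=ws-22 dst=ws-06 type=3
2023-09-14T03:10:06Z user=bob src=ws-22 dst=sql-01 type=3
2023-09-14T03:10:07Z user=bob src=ws-22 dst=dc-01 type=3
2023-09-14T03:10:08Z user=bob src=ws-22 dst=dc-01 type=3
2023-09-14T04:00:00Z user=carol src=ws-09 dst=fs-01 type=3
2023-09-14T05:00:00Z user=carol src=ws-09 dst=fs-02 type=3
2023-09-14T06:00:00Z user=carol src=ws-09 dst=fs-03 type=3
2023-09-14T07:00:00Z user=carol src=ws-09 dst=fs-04 type=3
2023-09-14T08:00:00Z user=carol src=ws-09 dst=fs-05 type=3
2023-09-14T09:00:00Z user=carol src=ws-09 dst=fs-06 type=3
"""

if __name__ == "__main__":
    for user, when, n in analyze(SAMPLE_LOG):
        print(f"ALERT {when.isoformat()} {user} reached {n} hosts in 10 min")
```

Only bob is flagged, at the moment his sixth distinct host appears; carol’s six hosts are spread over hours and never share a window. In production the threshold would come from a per-account baseline and service accounts with legitimately wide reach would need an allowlist, but the shape of the detection is the same.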
Understanding your attack surface matters more than ever
IBM found that 82% of breached data was stored in cloud environments, against 18% on-premises. A significant share of breaches, 39%, spanned multiple environments, including public and private clouds, and those breaches cost more than average at $4.75 million. Misconfigured cloud environments and a mix of known and unknown (zero-day) vulnerabilities were common among the surveyed organizations.
The cloud brings flexibility, scalability and support for distributed workforces, but this data shows it also widens the range of threats an enterprise faces. Attackers have also exploited the limited visibility organizations have into their suppliers: supply chain attacks accounted for 12% of breaches and took longer to detect, 294 days on average.
It is not all bad news, however, as here too security tooling helps. Organizations using External Attack Surface Management (EASM) identified and contained breaches 25% faster than those that did not (254 days with EASM versus 337 days without). Organizations that used risk-based vulnerability management, rather than working from CVE lists and severity scores alone, saw 18.3% lower breach costs.
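The difference between “relying on CVEs alone” and risk-based vulnerability management is easiest to see with numbers. The block below is an added example, not code from the IBM report or this article: it ranks the same set of findings two ways, by CVSS base score alone and by a risk score that weights severity by internet exposure, known exploitation, and asset criticality. The findings, their identifiers (V1 to V5, deliberately not CVE IDs), the scores and the weighting factors are all constructed for the example; the formula is one common shape of such scoring, not a standard.

```python
"""CVSS-only ordering versus risk-based prioritization of vulnerability findings.

Risk here is severity scaled by three context factors the scanner output
alone does not capture: whether the asset is reachable from the internet,
whether the flaw is being exploited in the wild (known-exploited flag, with
an exploit-probability estimate as fallback), and how critical the asset is.
All data and weights are constructed for the example.
"""
from dataclasses import dataclass
from typing import List

CRITICALITY_WEIGHT = {"low": 0.5, "medium": 1.0, "high": 1.5}
EXPOSED_WEIGHT = 1.5          # internet-facing asset
KNOWN_EXPLOITED_WEIGHT = 2.0  # flaw confirmed exploited in the wild


@dataclass(frozen=True)
class Finding:
    fid: str
    asset: str
    cvss: float              # CVSS base score, 0-10
    internet_exposed: bool
    known_exploited: bool    # e.g. present on a known-exploited list
    exploit_probability: float  # 0-1 estimate, used when not known_exploited
    asset_criticality: str   # low / medium / high


def risk_score(f: Finding) -> float:
    """Severity weighted by exposure, exploitation and asset criticality."""
    exposure = EXPOSED_WEIGHT if f.internet_exposed else 1.0
    exploitation = (KNOWN_EXPLOITED_WEIGHT if f.known_exploited
                    else 1.0 + f.exploit_probability)
    return f.cvss * exposure * exploitation * CRITICALITY_WEIGHT[f.asset_criticality]


def rank_by_cvss(findings: List[Finding]) -> List[str]:
    """The 'CVE list only' ordering: highest CVSS base score first."""
    return [f.fid for f in sorted(findings, key=lambda f: f.cvss, reverse=True)]


def rank_by_risk(findings: List[Finding]) -> List[str]:
    """Risk-based ordering: highest contextual risk score first."""
    return [f.fid for f in sorted(findings, key=risk_score, reverse=True)]


# Constructed findings. V1 has the highest CVSS but sits on an internal,
# unexploited build server; V2 has a lower CVSS but is internet-facing,
# actively exploited and on a high-value asset.
FINDINGS = [
    Finding("V1", "internal build server", 9.8, False, False, 0.02, "medium"),
    Finding("V2", "internet-facing VPN appliance", 7.5, True, True, 0.90, "high"),
    Finding("V3", "internal dev database", 9.1, False, False, 0.01, "low"),
    Finding("V4", "public web application", 6.5, True, False, 0.60, "high"),
    Finding("V5", "internal file server", 8.8, False, True, 0.70, "medium"),
]

if __name__ == "__main__":
    print("CVSS-only order :", rank_by_cvss(FINDINGS))
    print("Risk-based order:", rank_by_risk(FINDINGS))
    for f in sorted(FINDINGS, key=risk_score, reverse=True):
        print(f"  {f.fid} cvss={f.cvss:<4} risk={risk_score(f):6.2f} {f.asset}")
```

CVSS alone puts the internal build server (V1) first and the exploited, internet-facing VPN appliance (V2) fourth; the risk-based order reverses that, which is the kind of reprioritization the 18.3% cost reduction in the report reflects. The weights are the part to calibrate locally, ideally against which findings actually led to incidents.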
The key lesson from the 2023 Cost of a Data Breach report
The main conclusion from IBM’s 2023 report is clear: businesses that understand their vulnerabilities, have an accurate view of their attack surface, maintain a well-designed incident response plan and handle compromised credentials properly will suffer fewer breaches. And when the worst does happen, they will be better equipped to contain it and will take a smaller hit to the bottom line.
About The Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blog, he has also written for brands including CollegeDunia, Utsav Fashion, and NASSCOM. Naager entered the field of content in an unusual way: he began his career as an insurance sales executive, where he developed an interest in simplifying difficult concepts. He combines this interest with a love of narrative, which makes him a good writer in the cybersecurity field. He also writes frequently for Craw Security.