Technological advancements are undoubtedly changing the world for the better, with automation, AI, the IoT and cloud driving forward innovations across every sector. However, with this advancement come greater risks, as cyber threat actors use the same technology against individuals and industry for their own gain.
The 2019 Verizon Data Breach Investigations Report found that, of the breaches surveyed in the past year (17,300 incidents with 1700 actual breaches), 52% featured hacking, 33% featured social attacks and 28% involved malware. Targets spanned all sectors and sizes of business. Small businesses were targets in 43% of breaches, 39% of all breaches were perpetrated by organised criminal groups and 56% of breaches took months or longer to discover.
These figures highlight the varied and indiscriminate nature of the data breaches that businesses face today. But what are the implications of a data breach? According to Deloitte, there are first the well-known and more obvious effects, such as the costs and resources needed to undertake a technical investigation and the improvements to cyber security defences required to protect customers and business systems as a result. Then there are the PR and customer notification costs and the effort required to ensure customers are not left in the dark and reputational damage is limited. Then there are the compliance and legal fees that could be incurred. There may also be regulators’ fines to consider, as with GDPR.

The hidden costs lie slightly off the radar and include increased insurance premiums and reduced appeal to investors, plus the value of any contracts lost as a result of the breach. It’s hard to quantify the impact of operational disruption, but this can be devastating for some businesses. The company brand and name could be devalued as a result, valuable intellectual property could be lost, and customers could take their business elsewhere. Repairing much of the damage done to the business can take years. Processes need to be redesigned and implemented, and new cyber security programmes are an investment in time and money.
With all of the above to consider and calculate, it is not surprising that the global average cost of a data breach in 2019, as calculated by the Ponemon Institute, has risen by 1.5% in a year to reach $3.92m.
With so many attacks happening, new vectors in use and the costs so high, how can businesses mitigate the risk of a costly breach?
Businesses need to shift focus from a reactive security model to a proactive approach which seeks not to secure the whole perimeter but to reduce the size of the attack surface and increase the security focus on the apps and data which travel around the enterprise. This is in contrast to the traditional model of cyber security, which focused on protecting the data centre. Organisations can better secure their apps and data by having a clear understanding of how they work and interact, then developing intelligent policies, access keys and secure rooms which compartmentalise the whole infrastructure, protecting each area individually and limiting the impact of a breach.
Real-time and continuous breach detection and monitoring ensure that businesses understand exactly when something unexpected or anomalous is happening. This information can be triaged with other systems to trigger alerts or next actions. Emergency response plans can then be mobilised quickly and effectively to reduce the impact of a breach.
Finally, regular testing will identify any weak spots and provide the essential information that is needed to close any gaps and make changes to security defences.
Only by moving with the times and adapting to the latest threat actors will organisations be able to mitigate the risks associated with a cyber security breach.
WTL offer a range of cyber security solutions which employ next-generation features to ensure you remain one step ahead of the cybercriminals.
If you’re ready to make some changes to the way you protect your business, please get in touch.
Deloitte Hidden Business Impact of Cyber Attacks