Friday, July 20, 2018
New research on data breaches highlights tangible and intangible impacts on affected organizations. Sponsored by IBM Security and conducted by Ponemon Institute, the study cites remedial, attritional and reputational costs and damages. Wendi Whitmore, global lead for IBM X-Force Incident Response and Intelligence Services, said "mega breach" reportage typically covers quantifiable data, such as number of records stolen and aggregated damages, while leaving out other issues. As a result, accounting may be skewed or incomplete, she noted.
"The truth is there are many hidden expenses which must be taken into account, such as reputational damage, customer turnover, and operational costs," Whitmore stated. "Knowing where the costs lie, and how to reduce them, can help companies invest their resources more strategically and lower the huge financial risks at stake."
Christian Vezina, chief information security officer at OneSpan, agreed with Whitmore's assessment, noting that mega data breaches have continued unabated despite global security spending. "The security perimeter has dissolved and as a result the attack surface has increased way beyond what organizations want to realize," he added. "With the prevalence of [the Internet of Things], increased mobility and cloud usage, the use of complex supply chains, and the increased speed of business, organizations can't get a complete grasp over their attack surface."
The 2018 Cost of a Data Breach Study by the Ponemon Institute found that data breaches cost nearly $40 million for incidents involving 1 million records and $350 million for mega breaches of 50 million records. Ten out of eleven breaches are initiated by malicious attacks and not system glitches or human error, researchers found. Detecting and containing mega breaches took 365 days on average, compared to 266 days for smaller-scale breaches, according to the study.
Jonathan Sander, chief marketing officer at STEALTHbits Technologies, said a run-of-the-mill data breach can rapidly escalate to mega breach status when attackers gain access to a network. Attacks can be insider threats by authorized individuals or criminal exploits of busy users and weak configurations, he said.
"With insider level access, the bad guys can strike at less well secured but still information rich targets like documents, scanned information, and other file data," he added. "If you look at all the largest breaches that have hit the headlines, they all included attackers running off with saved emails, scanned contracts, and simple files filled with passwords. That stuff is truly toxic and is only available once the bad guys make that leap to insider status and turn these incidents into mega-breaches."
Vezina said, "Organizations will need to re-think their cybersecurity investments and prioritize their initiatives carefully. If what you do doesn't work, you may want to change your approach. As you cannot possibly protect from everything, you will probably be better off shifting your cybersecurity investments and approach from 'prevention only,' which seems to be failing, to a 'detect and respond' approach."
A copy of the report is available at www.ibm.com/security/data-breach/. To view the digital infographic with study highlights, visit costofadatabreach.mybluemix.net. To register to attend the IBM Security and Ponemon Institute webinar on July 26, at 11 a.m. ET, visit ibm.biz/BdYDvf.