Micro Focus is now part of OpenText. Learn more >

You are here

You are here

Shift to cyber resilience: 7 steps to a better security approach

Stan Wisseman Chief Security Strategist, CyberRes

If you sometimes feel like you are on a cybersecurity hamster wheel, running to fight off threats that never end, you are not alone. A recent report by IBM and the Ponemon Institute shows that many organizations are still running on that wheel to nowhere.

The average cost of a single data breach has now reached over $4 million, according to the report, and it takes an average of 287 days to detect and contain a data breach— seven days longer than in the previous year's survey. On average, organizations take 212 days to detect an intrusion, and another 75 days to resolve them. 

Remote working due to the pandemic also affected the speed of response, increasing the time to identify and contain data breaches. At organizations with a greater than 50% adoption of remote work (which includes a lot of organizations), it took an average of 316 days to identify and contain a breach.

The average cost of a breach for the top sectors: healthcare$9.23 million; financial services, $5.72 million; and pharmaceuticals, $5.04 million.

A typical data breach (1,000 to 100,000 records) rose nearly 10% and now costs $4.24 million. That’s the largest single-year cost increase seven years and the highest single-breach average cost ever recorded.

Costs were even higher when remote working was presumed to be a factor in causing the breach, increasing to $4.96 million. So-called mega-breaches (exposure of 50 million to 65 million records) now also come with a higher price tag, reaching an average of $401 million to resolve.

Here are key recommendations for minimizing the financial impact of a data breach—and shifting to cyber resilience.

1. Invest in SOAR to improve detection and response times

Security orchestration, automation, and response (SOAR); security information and event management (SIEM) software; and managed detection and response and services can help an organization accelerate incident response with automation, process standardization, and integration with existing security tools, the report noted.

2. Adopt zero trust to control access to sensitive data

Only 35% of organizations surveyed have implemented a zero-trust security approach. However, those in the mature stage of their zero-trust deployment had an average breach cost that was $1.76 million less than organizations not using the approach. As organizations have shifted to incorporate remote work and more disconnected, hybrid, multi-cloud environments, a zero-trust strategy can help protect data and resources by making them accessible only on a limited basis and in the right context, the report noted.

3. Stress-test your incident response plan to boost resilience

The facts here speak for themselves: Organizations in the Ponemon study that had incident response teams and tested their incident response plans saw an average total cost of a data breach that was $2.46 million less than organizations that experienced a breach without an IR team or a tested IR plan.

4. Use tools to protect and monitor endpoints, remote employees

Unified endpoint management and identity and access management products and services can help provide security teams with deeper visibility into suspicious activity on company-owned and BYOD laptops, desktops, tablets, mobile devices, and IoT devices, according to the report, including endpoints the organization doesn’t have physical access to, speeding investigation and response time to isolate and contain damage caused by a breach.

5. Invest in governance, risk management, and compliance 

Having an internal framework for audits, evaluating risk across the enterprise and tracking compliance with governance requirements can help improve an organization’s ability to detect a data breach and escalate containment efforts, the report explained.

6. Embrace open security architectures and minimize complexity

Security tools with the ability to share data between disparate systems can help security teams detect incidents across complex, hybrid, multi-cloud environments, the report noted. A managed security services provider can also help simplify security and risk with continuous monitoring and integrated solutions and services, it added.

7. Protect sensitive data in the cloud with policy and encryption

The report recommended using data classification schema and retention programs to help bring visibility into and reduce the volume of the sensitive information that is vulnerable to a breach, and protect it using data encryption and fully homomorphic encryption. It added that vulnerability scanning, penetration testing, and red-teaming should be used to help identify cloud-hosted database vulnerability exposures and misconfigurations.

Resilience is the way forward

Compromised credentials are the most common attack vector for enterprises experiencing a data breach, according to the report, a finding corroborated by the 2021 Verizon Data Breach Investigations Report. Verizon identified credentials as the most common data type found in intentional breaches this year—in a staggering 61% of breaches. Once a network was infiltrated, customers' personally identifiable information (PII) was stolen in close to half of the cases.

The Ponemon report says that companies that use security solutions based on artificial intelligence, machine learning, zero trust, analytics, and encryption all mitigated the potential cost of a breach. Those technologies and security controls saved firms, on average, between $1.25 million and $1.49 million. Organizations with fully deployed security AI and automation saw breach costs that were $3.81 million less than organizations without it.

If you're going to buck the trends in these data breach reports, your security team needs to implement as many of the recommendations above as possible, and reduce the mean time to detect and control cyber threats. Your organization's resilience depends on it.

Keep learning

Read more articles about: SecurityInformation Security