If you sometimes feel like you are on a cybersecurity hamster wheel, running to fight off threats that never end, you are not alone. A recent report by IBM and the Ponemon Institute shows that many organizations are still running on that wheel to nowhere.
The average cost of a single data breach has now reached over $4 million, according to the report, and it takes an average of 287 days to detect and contain a data breach— seven days longer than in the previous year's survey. On average, organizations take 212 days to detect an intrusion, and another 75 days to resolve them.
Remote working due to the pandemic also affected the speed of response, increasing the time to identify and contain data breaches. At organizations with a greater than 50% adoption of remote work (which includes a lot of organizations), it took an average of 316 days to identify and contain a breach.
The average cost of a breach for the top sectors: healthcare, $9.23 million; financial services, $5.72 million; and pharmaceuticals, $5.04 million.
A typical data breach (1,000 to 100,000 records) rose nearly 10% and now costs $4.24 million. That’s the largest single-year cost increase seven years and the highest single-breach average cost ever recorded.
Costs were even higher when remote working was presumed to be a factor in causing the breach, increasing to $4.96 million. So-called mega-breaches (exposure of 50 million to 65 million records) now also come with a higher price tag, reaching an average of $401 million to resolve.
Here are key recommendations for minimizing the financial impact of a data breach—and shifting to cyber resilience.
1. Invest in SOAR to improve detection and response times
Security orchestration, automation, and response (SOAR); security information and event management (SIEM) software; and managed detection and response and services can help an organization accelerate incident response with automation, process standardization, and integration with existing security tools, the report noted.
2. Adopt zero trust to control access to sensitive data
Only 35% of organizations surveyed have implemented a zero-trust security approach. However, those in the mature stage of their zero-trust deployment had an average breach cost that was $1.76 million less than organizations not using the approach. As organizations have shifted to incorporate remote work and more disconnected, hybrid, multi-cloud environments, a zero-trust strategy can help protect data and resources by making them accessible only on a limited basis and in the right context, the report noted.
3. Stress-test your incident response plan to boost resilience
The facts here speak for themselves: Organizations in the Ponemon study that had incident response teams and tested their incident response plans saw an average total cost of a data breach that was $2.46 million less than organizations that experienced a breach without an IR team or a tested IR plan.
4. Use tools to protect and monitor endpoints, remote employees
Unified endpoint management and identity and access management products and services can help provide security teams with deeper visibility into suspicious activity on company-owned and BYOD laptops, desktops, tablets, mobile devices, and IoT devices, according to the report, including endpoints the organization doesn’t have physical access to, speeding investigation and response time to isolate and contain damage caused by a breach.
5. Invest in governance, risk management, and compliance
Having an internal framework for audits, evaluating risk across the enterprise and tracking compliance with governance requirements can help improve an organization’s ability to detect a data breach and escalate containment efforts, the report explained.
6. Embrace open security architectures and minimize complexity
Security tools with the ability to share data between disparate systems can help security teams detect incidents across complex, hybrid, multi-cloud environments, the report noted. A managed security services provider can also help simplify security and risk with continuous monitoring and integrated solutions and services, it added.
7. Protect sensitive data in the cloud with policy and encryption
The report recommended using data classification schema and retention programs to help bring visibility into and reduce the volume of the sensitive information that is vulnerable to a breach, and protect it using data encryption and fully homomorphic encryption. It added that vulnerability scanning, penetration testing, and red-teaming should be used to help identify cloud-hosted database vulnerability exposures and misconfigurations.
Resilience is the way forward
Compromised credentials are the most common attack vector for enterprises experiencing a data breach, according to the report, a finding corroborated by the 2021 Verizon Data Breach Investigations Report. Verizon identified credentials as the most common data type found in intentional breaches this year—in a staggering 61% of breaches. Once a network was infiltrated, customers' personally identifiable information (PII) was stolen in close to half of the cases.
The Ponemon report says that companies that use security solutions based on artificial intelligence, machine learning, zero trust, analytics, and encryption all mitigated the potential cost of a breach. Those technologies and security controls saved firms, on average, between $1.25 million and $1.49 million. Organizations with fully deployed security AI and automation saw breach costs that were $3.81 million less than organizations without it.
If you're going to buck the trends in these data breach reports, your security team needs to implement as many of the recommendations above as possible, and reduce the mean time to detect and control cyber threats. Your organization's resilience depends on it.
Keep learning
Learn from your SecOps peers with TechBeacon's State of SecOps 2021 Guide. Plus: Download the CyberRes 2021 State of Security Operations.
Get a handle on SecOps tooling with TechBeacon's Guide, which includes the GigaOm Radar for SIEM.
The future is security as code. Find out how DevSecOps gets you there with TechBeacon's Guide. Plus: See the SANS DevSecOps survey report for key insights for practitioners.
Get up to speed on cyber resilience with TechBeacon's Guide. Plus: Take the Cyber Resilience Assessment.
Put it all into action with TechBeacon's Guide to a Modern Security Operations Center.
