Data Breaches of 2022: Can Companies Reduce these Costs?

essidsolutions

In this brief video, Charles DeBeck, cyber threat intelligence expert at IBM, Mark Guntrip, senior director, cybersecurity strategy at Menlo Security and Tessa Mishoe, senior threat analyst at LogicHub, talk about how catastrophic data breaches can be for organizations and the factors that can help reduce the costs of data breaches in 2022.

Key Takeaways

  • How much does a data breach cost organizations?
  • Which are the top costly data breaches of 2022?
  • What factors can increase or help mitigate the cost of data breaches?

Read the full transcript of our conversation with Charles DeBeck, Mark Guntrip, and Tessa Mishoe here:

Toolbox: How much does a data breach cost organizations?

Charles DeBeck: On average, the cost of a data breach in the last year was $4.24 million, which is a significant jump of over 10% from the previous year. Interestingly, this was also the highest value that we saw for the average cost of a data breach in any year in the last 17 years.

“Also, what was interesting is when we looked at the underlying data of this at this $4.24 million cost, what we’re starting to see as a strong trend is the stratification of the cost of a data breach for organizations.”

What I mean here is that organizations that are taking the steps to defend themselves proactively are seeing reduced costs in general; however, organizations that aren’t taking these effective defensive steps, and aren’t engaging in proactive cyber security, are seeing significantly increased costs year-over-year. So much so that it’s taking the entire average up along with it.

So, this increased stratification to me is a clear lesson and message for organizations to take effective cybersecurity steps. If they’re not taking those cybersecurity steps, they’re going to find themselves taking increased costs as a result of data breaches.

Mark Guntrip: Looking at the overall cost of a data breach, you can really look at it two ways. You’ve got the average view. So, the latest IBM report on the cost of a breach puts the average cost at $4.24 million, up by 10% over the last year. But obviously every single breach, every single security incident is going to be different.

“So, it’s going to depend on the size of the breach, how much data was stolen, what data was stolen. It’s going to depend on the practices and the procedures that are in place in the organization to prevent, minimize and recover quickly from a data breach. And overall, it’s going to be impacted by the ability of the organization to pay.”

So, we can think about the cost of a data breach, but the cost could be that a business action just ceases to operate and goes out of business. We can look at the hard costs, but also, we’re going to try and cover some more. The longer-term costs, or those that are harder to put a finite value on, are loss of business over time, loss of reputation, and overall downtime. All of these obviously are going to factor into the overall cost of a breach, but it isn’t going to be all recognized immediately; it would be over time.

Tessa Mishoe: Unfortunately, it’s hard to say. Between regulatory actions, loss of trust with clients and vendors, payments and customers’ remedial actions, it’s a lot. And usually, it’s a lot more than total estimates we’ll consider.

Toolbox: Which are the top costly data breaches of 2022?

Mark Guntrip: I’ve kind of put the costliest data breaches in recent times in a few different buckets. First, I would look at Colonial Pipeline, because of the massive disruption to their business. It’s not only their business, their revenue, their infrastructure, but also everybody that relied on them and the chaos that ensued when that gas pipeline shut down. It’s really a very good example of how a cyberattack can translate into the real world and what it means to just the average person trying to fill up their car with a tank of gas.

Second, I would look at Log4J. The impact of this exploit is so vast, I don’t think we have fully wrapped our arms around what this is going to mean. Obviously, there are millions and millions of websites, and therefore companies, that have been impacted by this Log4J exploit. I’m certain that many companies still don’t have a clue that their website properties are open to exploit or potentially being exploited, and what that might mean to the wider industry.

And then the third, which I’ll put together in a kind of a bucket here, is stock and cryptocurrency companies, which have very much been a focus for attackers throughout the last year or so, such as Robinhood with 5 million accounts being compromised. Looking at BitMart with $200 million in losses, looking at Coinbase with 6,000 of those that had their cryptocurrency stocks stolen. Liquid with $97 million of cryptocurrency stolen.

Tessa Mishoe: Unfortunately, there are a lot of factors. Sometimes companies are not revealing the total cost of their breach, or maybe they never reveal anything about the breach. Unfortunately, there are a lot of countries that allow that to happen. It’s completely normal. Some of the possibly most costly data breaches of 2022 include Microsoft, the crypto.com breach, and the Cash App breach, which didn’t include an exact number of values but appeared to have lost portfolio values, customer names, brokerage accounts, and activity.

Charles DeBeck: There are several factors that can increase the cost of an overall data breach. But one that we keep seeing year after year is compromised credentials. Threat actors leveraged compromised credentials to break into organizations. And the advantage to using compromised credentials from a threat actor perspective is that it allows them to get deeply entrenched into the organization and really wiggle into the spots they’re not supposed to be. This can cause harm to the organization in a few different ways.

First, it’s more challenging to stop the breach as it’s occurring because the threat actor is so deeply entrenched within your net. And then on the backend, it becomes more expensive to mitigate and reconstitute after the breach is over, which increases the cost even further. So, it’s really a one-two punch for organizations dealing with compromised credentials being used to break in.

“With the advent of remote work and the hybrid work environment from our study, we found that remote work significantly increased the cost of a data breach. And I don’t think this will necessarily change in 2022.” 

Overall, the main reason that we saw remote work lead to higher costs was visibility issues. The challenge for an organization with this distributed network, with so many different endpoints and so many different network assets deployed in all sorts of different locations, is that it becomes really challenging to make sure you have good visibility across this distributed environment, can see events as they’re occurring, and are able to respond to data breaches in real time, effectively, unless you have a good posture for visibility.

And I think this challenge will remain in 2022. With the hybrid working environment, that distributed network architecture is still going to be there for organizations, and organizations are going to continue to have a broader portfolio that they must manage and maintain visibility over to be able to respond effectively to data breaches.

Toolbox: What factors can increase or help mitigate the cost of data breaches?

Mark Guntrip: So, I believe we’ve taken our eye off protection, off the prevention of threats coming into an organization, and said, you know what? It’s not a case of ‘if’ but ‘when’, so therefore I’ll look to detect and remediate as quickly as possible.

And all the statistics that I just ran through show that this approach isn’t working. It isn’t sufficient to stop the threats, to stop the loss of business reputation, and everything that I’ve mentioned. I think we need to pivot back and say, you know what? We need all these things, but most of all, we need to stop that initial malware incursion wherever possible rather than just focusing on response.

“We see these highly evasive adaptive threats, which is what you call HEAT attacks. And they’re being used by attackers because they know the security stack that’s in place at most companies, because it really hasn’t changed in any meaningful way in the last decade or so.”

If they can get their foothold into a network or a device by getting through the antivirus, firewalls, IPS, sandbox, reputation systems, everything that’s in there, then they can basically do whatever they want, whether that’s a data breach and stealing records, whether that’s ransomware, whether that’s a combination of all these things. But overall, companies need to put in place layers of protection.

They need to prevent as much as they can. They need to detect as quickly as possible. They need to implement zero trust to limit their exposure. And then they need to prevent exfiltration as much as they can through manual processes by requiring two parties to sign off on a financial transaction, rather than allowing these things to become automated.

And if companies consider all these pieces, then they can look to lower the risk of being hit by a data breach or ransomware in 2022. 

Tessa Mishoe: The biggest one is avoiding them in the first place. Of course, good monitoring, patching and training are all extremely important to keep breaches from happening. Backups are also extremely helpful. If it does happen, having a backup can help you get up and running faster, so operational costs will be lower. And finally, if all else fails, admit that it happened and do everything you can to get things right. And get as much information out there.

Charles DeBeck: There are a couple of key takeaways from our study in terms of how you can best mitigate the overall cost of a data breach. I think one that we’re continuing to see year after year though, is the importance and criticality of using security automation and artificial intelligence to help protect the organization more and more.

We’re seeing threat actors moving at lightning speed. They get into an organization, and they spread like wildfire. And without using security automation to help clamp down on that overall data breach quickly, organizations are going to find themselves facing increased costs again on the front end as well as on the backend. To mitigate the overall impact of the data breach when dealing with threat actors that are increasingly getting new methods and new capabilities, using security analytics and automation can help respond more effectively to even unknown or previously unseen attacks.

The other key component here, I think when it comes to mitigating the cost of a data breach must be zero trust frameworks. The entire point of zero trust is to reduce the overall blast radius of a data breach or an incident.

And so, using a zero-trust framework can help significantly reduce the cost of a data breach overall because it helps in those two key categories – it reduces the overall cost of the breach initially by containing and reducing the actual impact of the breach at the time it’s happening. 

It doesn’t matter how a threat actor is getting in, and it doesn’t matter why the threat actor is getting into the organization. If you’re using a zero-trust framework, zero trust will help, and it will help reduce the overall cost of a breach. My key recommendation for how to mitigate the cost of a data breach in 2022 is to look at zero trust frameworks and how they can help protect your organization against a wide array of threats.

How is your organization protecting itself from data breaches in 2022? Tell us on LinkedIn, Twitter, or Facebook. We would love to hear from you!
