2020 is in full swing and it’s time for us all to look back at some lessons learned from 2019. As always, cybersecurity is still atop the list of company concerns. Though the threats, risks, and costs may evolve, it’s always important to reiterate just what challenges exist and discuss tips on how to address them.
2019 in review: Breaches bigger and more costly than ever.
Cybersecurity challenges are nothing new, but as threats evolve, systems become more complex, and people (and things) become more connected, the stakes continue to rise.
Costs are rising too.
In their annual Cost of a Data Breach report, IBM Security and Ponemon Institute found that in both the short and the long run, breaches could cripple a business.
In the United States, the average cost of a data breach hit $242 per record and increased from $7.91 million in 2018 to $8.19 million in 2019, with breaches taking 245 days to identify and contain. These events often take years to recover from and result in lost business, damaged reputation, and potential legal consequences.
What can you learn for 2020?
While the numbers look scary, the reality is that you can take steps to mitigate these risks. The first step is not to ignore the risk or think your company is immune. With 2020 now upon us, here are a few things you should know.
Know how they happen.
Luckily, if you understand how and why breaches happen, you can also work to shore up defenses. Breaches occur for a variety of reasons ranging from outside threats to accidental releases to trusted insiders.
The known threat: Hackers
It may come as no surprise that hacking takes the top spot for breach type: actors outside the organization are responsible for 87% of the breaches reported. Hacks often target the most valuable information and are fueled by financial motivations, since these actors can sell the data on the dark web or ransom it back to the owner.
Because this information is highly prized (a Social Security or credit card number is worth more than an email address or name), it is targeted at a higher rate and is much more damaging to lose.
The data giveaway: Accidental exposure
However, hacking is not the only way records are exposed. In fact, hacks only account for around 14 percent of the number of records lost. The top culprit for this? Accidental exposure of data on the Internet. According to Risk Based Security, over 6 billion records have been made freely accessible thanks to misconfigured databases, backups, endpoints, and services. While companies do incredible amounts of work to stop hackers, most information is just given away.
The trusted threat: Malicious insiders
But that’s not all. 7.3% of the breaches are caused by malicious insiders. Like hackers, these individuals have motive, means, and opportunity. They also have fewer barriers to entry. Misconfigured user permissions may give the wrong person access to information, lax practices may make it easy for a malicious insider to extract a password, and poor authentication practices may allow him or her to log in without trouble.
Understand how they could affect you.
There are many ways that information ends up in the wrong hands, but the end result is reasonably straightforward: You lose money and your reputation is damaged.
Lost business: The biggest contributor to costs.
According to IBM, the loss of customer trust had serious financial consequences for the companies studied, and lost business was the largest of four major cost categories that contributed to the total cost of a data breach, responsible for abnormal customer turnover of 3.9 percent.
Long tail costs: Costs continue for years.
Once the 242 days are done, the costs continue—especially for those in regulated environments like healthcare and finance, two of the most frequently targeted sectors. While an average of 67 percent of breach costs came in the first year, 22 percent accrued in the second year after a breach, and 11 percent of costs occurred more than two years after a breach.
Learn how to deal with risks.
There are four primary ways of dealing with risk: avoid, mitigate, accept, or transfer.
Choose the right partner
While there are many factors that contribute to the cost of a data breach, some of the biggest drivers included third-party involvement and extensive cloud migration. However, this is no indictment of third-party providers or the cloud—most cloud providers do things better than you can. In this, the right partner matters.
Before taking on any cloud project or working with an implementation partner, it pays to ensure they are taking steps to protect you. Learn what you should look for from your provider and implementation partner, get to know what questions you should ask, and read about how to protect yourself from unscrupulous vendors here.
Address complexity
Another of the top five cost drivers? System complexity. When systems start to work individually and reach out in all directions, it’s much harder to know which one is the problem.
In today’s IT environment, complexity is easier to handle than ever. Applications can connect using secure APIs—not hand-coded ones that increase risk.
Automate and augment your security
According to IBM, organizations that had deployed automated security solutions that reduce the need for direct human intervention – including the use of security solutions with artificial intelligence, machine learning, analytics, and automated incident response orchestration – saw significantly lower costs after experiencing a data breach.
AI is the next frontier for security (not to mention the rest of the business). Get to know what it means for finance.
Setting yourself up for success: NexTec delivers.
Business threats are evolving, but with the right tools and advice, companies can overcome them and thrive. NexTec has been in the business of delivering both, implementing products that make your business better and advising clients on what matters.
For over a quarter century, we’ve seen the technology world evolve and can help you select, implement, and use the right Enterprise Resource Planning (ERP), Customer Relationship Management (CRM), or Business Intelligence (BI) solutions for your organization. Let’s get in touch.