What is an ounce of cybersecurity prevention worth?
Published: Feb 11, 2019
It’s almost impossible to overestimate the potential harm a data breach can cause a business. Consider the costs of data breaches in just two of the most newsworthy hacks in 2017: the WannaCry ransomware attack is estimated to have caused more than $4 billion in losses around the world, while the Equifax hack exposed the data of 143 million people, resulting in an estimated $600 million loss. All told, the estimated damage from ransomware attacks in 2017 is in excess of $5 billion.
The easily avoidable crisis
But you already know data breaches and their costs are a major risk to your business. Here’s something you might not know: it’s a risk that can be mitigated. Understanding theft tactics based on the experiences of others is critically important, according to a recent ZDNet article.
The popular view of hackers is that of evil technical geniuses exploiting obscure security holes. This couldn’t be further from the truth. In fact, most vulnerabilities are well-known and already patched.
Go back to our two examples above: WannaCry exploited a vulnerability that had a patch available for 59 days before the first attack, while the Equifax breach took place through an Apache Struts web-application vulnerability for which a patch had been available for two months.
It’s estimated that 93 percent of breaches in 2017 could have been prevented had basic security steps been taken, such as regularly updating software with patches, blocking fake email messages that contain ransomware, and training staff to recognize and avoid phishing attacks.
The hidden costs of data breaches
And if you’re hoping 2017 was an outlier, think again. This year experts estimate that cyberattacks will cause more than $11.5 billion in damage. And it’s not just the cost associated with the loss, damage or destruction of the data you need to worry about. Organizations are also hit with lost revenue and employee productivity, the costs of forensic investigations, and the cost of systems restoration.
In addition, highly regulated businesses like healthcare organizations may face fines and increased regulatory scrutiny, while every business may suffer from brand reputation loss, a decline in shareholder value and the risk of litigation from the angry customers whose data your organization just lost.
And if that’s not enough to get leadership to focus on cyber breach prevention, they should keep in mind that more and more CSOs, CIOs and even CEOs are being held personally responsible, and losing their jobs in the wake of a data breach.
Make prevention a priority
Data breaches are on the rise, and they are coming for your business, whether you’re prepared or not.
Frankly, the basics can be very hard. What’s labeled as basic hygiene includes some of the hardest tasks to do well. It’s never easy. But here are a couple of tactics to get right first:
- Patching: If a patch is available, that means not only that a vulnerability exists, but also that every cybercriminal knows about it. While many enterprises put off patching out of fear that it will impact their operations, at this point the impact a data breach will have on operations is what you should be more worried about. You need to ensure that your business has an accurate systems inventory and a robust process for patch updates and testing.
- Culture: According to our research for the Verizon 2018 Data Breach Investigations Report, phishing is the 3rd most common cause of data breaches. All the locks on the door in the world won’t matter if your people keep inviting the bad guys in. The good news is that according to our research, 78% of people don’t click on a single phishing link all year. The bad news is that it only takes one click to cause a breach. To build the culture you need, start with the proper training and then make sure you have testing and communications procedures in place. Make it real for employees by offering incentives, so they have a vested interest in keeping the company secure.
Know where to invest next?
Cyber Risk Monitoring can help you assess your enterprise’s probability of a breach, uncover gaps in your security and provide recommendations for detection and response. This 360º view of your security posture provides data-driven insights to help inform your security strategy, measure your security ROI, and make smarter decisions.