IBM’s 2023 “Cost of a Breach” report makes for very interesting reading on cybersecurity. Breaches are expensive, with the average cost jumping 15 percent in just three years to $4.45 million. To counter these costs, organizations need to understand how security budget allocation can be optimized to reduce losses.
Financial Impact of Breaches
The report indicates some disturbing trends, chiefly that the cost of detection and breach escalation has risen by 42%. Yet only 51% of organizations that experience a breach go on to invest further in security measures. The lesson for organizations is that investing in key cybersecurity tools not only prevents breaches but also minimizes their financial impact once they happen.
Industry-Specific Risks
Breach costs also differ by industry. For the twelfth consecutive year, healthcare is the most impacted sector, with an average loss of $10.93 million. Finance comes second with an average of $5.9 million. Surprisingly, smaller organizations, those with fewer than 500 employees, also experienced more expensive breaches in 2023, at an average of $3.31 million.
Cybercriminals focus on industries rich in sensitive data, so it is imperative to be aware of your organization's weaknesses. A healthcare organization, for example, needs to evaluate its data security and access control systems. Penetration testing and red teaming of the physical or network infrastructure reveal hidden weaknesses that must be addressed as part of defense hardening.
Real-Time Credential Detection Is Critical
Stolen credentials are among the most used attack vectors. Among initial attack vectors, phishing (16%) and stolen credentials (15%) are the most common. These attacks can be very costly, at an average of $4.76 million and $4.62 million per incident, respectively.
Enforcing security awareness among employees improves their ability to recognize phishing attempts. MFA may also limit the use of stolen credentials. All of these measures still leave room for vulnerabilities.
Third-party tools can also be integrated with your Active Directory for added control. Specops Password Policy, for example, offers Breached Password Protection, which continuously scans for compromised passwords. This kind of active alerting can notify users immediately if their password appears on a list of over 3 billion unique compromised passwords.
Why Quick Incident Response is Important
The average organization takes more than 200 days to detect a breach, and remediation is completed more than 70 days after discovery. Such delays are costly, and the 200-day mark makes a stark difference: organizations that discover a breach within 200 days average losses of $3.93 million, while those that take longer lose an average of $4.95 million.
This means organizations have a growing need to improve their detection capabilities and internal network controls. The report further states that internal security teams detected the breach in only 33% of cases. By contrast, 40% of breaches were discovered by third parties, including law enforcement.
Additionally, implementing threat intelligence tools can bring the time to identify breaches down by as much as four weeks for most organizations that lack these resources. Companies with a robustly structured incident response plan have breach costs that are 61% lower, or an average of $2.66 million lower than the global average.
Manage Your Attack Surface
The report states that 82% of breached data is found in the cloud, with 39% of breaches crossing multiple cloud environments. Misconfigured cloud settings and vulnerabilities have contributed substantially to higher breach costs, which averaged $4.75 million.
While organizations welcome the flexibility and scalability of cloud technology, they must also recognize that it expands their attack surface. That’s where External Attack Surface Management (EASM) tools come into the picture. Organizations employing EASM have shortened data breach time by 25% compared with organizations not employing it (254 days vs. 337 days).
What’s more, using risk-based vulnerability management instead of a CVE-only approach can drastically reduce breach costs, by an average of 18.3%.
Key Takeaways from IBM 2023 Cost of a Breach Report
As the IBM report concludes, organizations that understand their vulnerabilities, retain visibility into their attack surfaces, and maintain effective incident response plans are better positioned to keep breach costs from escalating. Sound investment in the right cybersecurity tools and practices allows an organization not only to minimize risk but also to minimize the financial impact when breaches occur.