A common thread in cybersecurity is getting the basics right. There is “low-hanging fruit” that could make a positive impact on your organization’s risk profile with relatively little time, effort, and expense. For the most effective security, first set up a basic cybersecurity foundation that reliably supports your other security systems and software.
Breach costs are soaring
IBM’s “Cost of a Data Breach” report shows both the threat landscape and corporate security posture. The cost of a breach is calculated from an analysis of incidents ranging from 2,200 to 102,000 compromised records, and it hit a record high this year of nearly $4.4 million. That cost includes several elements:
- Detection and escalation: forensics, audits, crisis management, and executive communications.
- Notification: data subjects, regulators, outside experts, and others.
- Post-breach response: cost of legal expenses, product discounts, regulatory action, credit monitoring, helpdesk calls, and issuing of new accounts/cards.
- Lost business: disruption and downtime, lost customers, reputational damage, and an inability to attract new customers.
Where to focus security
The challenge for organizations is to find the products that deliver the biggest “bang for their buck”. Without proper guidance, security efforts can be channeled into the wrong areas, and security risk will remain persistently high.
The costliest breaches stem from:
- Phishing ($4.9 million)
- Business email compromise or BEC ($4.9 million)
- Third-party software vulnerabilities ($4.6 million)
- Compromised credentials ($4.5 million)
In fact, the four relate to one another: phishing is often a factor in BEC, leading to compromised data and vulnerability. Thus, email security should be a prime focus for any organization.
The most common initial attack vectors for breaches were:
- Compromised credentials (19 percent of breaches)
- Phishing (16 percent)
- Cloud misconfiguration (15 percent)
- Vulnerabilities in third-party software (13 percent)
These are attackers’ favorites: shut down these avenues of attack, and your organization could significantly improve its cyber hygiene.
What are the basics?
Fortunately, there are things that organizations can do today to mitigate some of these risks. Some could save organizations hundreds of thousands of dollars on potential breach costs. Consider the following:
- Security awareness training to mitigate the risk of phishing
- Multifactor authentication to tackle phishing and prevent credential theft/account hijacking
- Comprehensive email security including AI-powered impersonation detection
- Data loss prevention to stem the threat from negligent and malicious insiders
- Strong data encryption to render any lost data useless to data thieves
- Web application firewalls to mitigate the risk of vulnerability exploitation
- Continuous risk-based patching of software and operating systems
- Regular backups in case the organization is hit by ransomware
- Cloud-ready firewalls to keep advanced threats at bay
- Cloud security posture management (CSPM) to continuously find and fix misconfigurations
- Incident response tools and programs to rapidly remediate if the worst does happen
Breach costs are on the rise, and that’s cause for concern. There are tried-and-tested ways to keep the tactics that cause the most breaches in check. But where do you start? And how do you know if your current system has the basics set up to provide foundational support? Contact us at Access Tech, where we can help identify gaps in your cybersecurity foundation. Because our company relies heavily on technology, we understand the risks and threats that come with working online. Let us help ease the stress and give you expert advice on what cybersecurity will best fit your business needs. We have been helping customers for years by connecting business strategy to IT solutions.