Estimating the Data Breach Cost
Take a glance at the most discussed cybersecurity topics of the week.
‘Mega Breach’ costs
Dark Reading on July 11, 2018
It is becoming increasingly common for hackers to try to extort money from companies, and the average cost of a data breach now reaches $3.86 million. That figure is small next to the cost of so-called “mega breaches”.
According to the “2018 Cost of a Data Breach Study,” sponsored by IBM Security and conducted by the Ponemon Institute, the damage from massive data breaches ranges from $40 million for 1 million records lost to $350 million for 50 million records lost.
The impact of incidents is growing with time. Fortunately, a few practices can reduce the cost of a data breach. Incident response (or having a team and plan in place for remediation), wide use of encryption as well as employee training are among the top cost-cutting measures.
Worst cybersecurity breaches this year
WIRED on July 9, 2018
Although only half of 2018 has passed, the year has already brought some notorious breaches and data exposures worth mentioning. As WIRED suggests, the worst cybersecurity incidents in 2018 are the grid cyber attack, Exactis’ exposure of 340 million personal records, the hack of Under Armour’s MyFitnessPal app, and the US universities breach.
Attacks in the higher education sector are becoming more frequent, and one of the education-related incidents is now included in the ‘worst’ list. In March, Iranian hackers allegedly attacked more than 300 universities in the United States and abroad and stole 31 terabytes of data estimated at $3 billion in intellectual property. They used carefully crafted spear-phishing emails to get professors’ credentials. Hackers targeted 100,000 accounts and succeeded in gaining credentials for about 8,000, with 3,768 of those at US institutions.
Spear-phishing, a fraudulent practice used to obtain access to sensitive university data, is a known threat to higher education. Organizations need to find out whether their training and awareness efforts are working and where additional efforts are required.
Better to operate before the alert
CSO Online on July 16, 2018
Many companies focus mostly on reacting to alerts and responding to known situations. But the dwell time for a network intrusion, from entry to discovery, is approximately 229 days. Before the alert, a hacker has enough time to net data and damage systems.
A security operations center can only help minimize and measure the exposure. While its main benefit is to lessen damage from a cybersecurity problem that has occurred, a strong investigative team can identify and resolve concerns before they result in major destruction. This is always the preference. Employees, tools, training and time are five hints for achieving a true investigative function.
Cybersecurity experts shortage
Dark Reading on July 17, 2018
The “2018 CIO Agenda Survey,” conducted by Gartner researchers, polled more than 3,000 CIOs and found that 95% of technology leaders expect cybersecurity threats to grow, but only 65% have a cybersecurity expert on staff. Why do businesses lack cybersecurity experts? The reasons come down to cost, the complexity of the skills involved, and a lack of awareness of their importance. While they may not be able to afford cyber experts, companies are investing more in security tools.
This digest has shed light on what has been discussed in the cybersecurity realm up to now. The point to take home is that mega breaches can cost up to $350 million, and preventative measures taken before the alert can save the situation. Just hire the right people, provide the required technology and good training, and be patient.