In our last post we talked about how rising numbers of breaches and increased cost per breach are prompting insurance companies to change requirements to qualify for cyberinsurance coverage.
So, what are the costs of data breaches today?
Last year, IBM commissioned the Ponemon Institute to conduct independent research, investigating 537 real breaches in 17 countries and 17 different industries. According to the analysis of information from the 3,500+ interviews conducted:
“The average total cost of a data breach increased by nearly 10%, from an average $3.86 million to $4.24 million per incident.” This was the single average cost increase since 2013, when there was a spike in ransomware demand amounts.
Statista.com, which tends to be a little more conservative than the Verizon Data Breach Investigations Report (DBIR) and other industry-standard data breach reports, puts the figure at just under $4 million USD for most industries. The exception is healthcare, where the average cost in 2020 was $7.13 – $7.4 million USD (depending on whose research you use) and is already somewhere between $9.0 and $9.23 million USD for 2021. This is nearly a 30% increase over 2020!
Why? It is not only the size of healthcare organisations and the fact that having the network go down can have life-and-death consequences; it is also the value of the data. For these reasons, healthcare gets targeted more aggressively. The value of the data has also made educational institutions more attractive to professional bad actors. In this video, a cybercriminal explains why going after schools, institutions of higher learning and other public sector organisations is so lucrative.
As we have reported previously, remote working has made companies more vulnerable to attack – and the new figures clearly show that, on average, the cost was approximately $1 million higher when remote working was a factor. “Additionally, organizations that had more than 50% of their workforce working remotely took 58 days longer to identify and contain breaches than those with 50% or less working remotely.” (IBM, Cost of Data Breach Report 2021)
All in all, breach numbers and costs have been doubling every 3 years or so, and are expected to continue to increase at this rate through 2025.
5 Ways to Reduce Your Risk
Ensure cloud, edge/perimeter, network and endpoints are ALL fully-protected.
In 2020, over 35% of all data either resided in, or passed through, the cloud – yet many firms don’t take the necessary steps to protect their cloud and edge / full perimeter in addition to their network and endpoints.
This is why SASE (Secure Access Service Edge) should be part of your security strategy discussion.
Recently introduced by Gartner, the term SASE refers to a framework in which networking and security functions converge into a single integrated service that works at the cloud edge to deliver protection and performance as a single solution and approach.
One of the many partners with which we work is Cisco. You can read more about SASE in Cisco’s mini e-book: “Investing in a long-term security strategy – The 3 keys to achieving SASE”.
You might also find our “Cloud Covered? If Not, Take Cover!” blog post of interest.
Get an independent security assessment and implement the recommended changes.
Building on the above bullet point, Gartner says it all: “It isn’t so much about whether the cloud is secure…It’s mostly about how securely you are using it.”
According to the Gartner Innovation Insight for Cloud Security Posture Management report, “Nearly all successful attacks on cloud services are the result of customer misconfiguration, mismanagement, and mistakes. Security and risk management leaders should invest in cloud security posture management processes and tools to proactively and reactively identify and remediate these risks.”
Indeed, when conducting security audits and assessments, we often find even the best IT departments can have small errors or set-up glitches, or ongoing patching problems, that create gaps that leave their networks vulnerable.
A July 2019 study conducted by the Ponemon Institute shows that 57% of breach victims indicated they had been aware of a network security issue, but that it had not been addressed prior to the attack. More recent studies suggest the percentage may be even higher now that people are working remotely.
The same Ponemon Institute study suggests that over half of IT leaders don’t know how well their security is operating. For this reason, it is advisable to hire an outside expert to conduct a security assessment at least once a year. This will give you a list of where you are vulnerable. Firms are also advised to consult their network and other business insurance requirements – for some types of businesses, the insurance is not valid if a network security audit is not completed every 3 – 6 months.
Review your security protocols and access policies at least once a quarter.
We find that many companies, although they are great at pulling up the drawbridge when an employee leaves, don’t change security and access privileges when employee responsibilities and roles change – or they accord the same privileges to the “new person” as a matter of course. Some firms also allow employees to use the company email while looking for a new job. All of these security lapses leave you vulnerable to bad actors.
The “Verizon 2021 Data Breach Investigations Report” corroborates this and shows that nearly 80% of breaches were the result of privilege abuse.
Invest in best-in-class firewalls and other software – AND engage a professional, third-party Managed Services firm to handle your security needs.
Today, it’s not enough to have the best solutions in place; you also need to have experts dedicated to ensuring things run as they should – and that all alarms are answered and problems remediated as they arise.
Not only will this save you money, it will enable you to have experts in each of the many facets of security today watching over you and your network 24/7/365. By augmenting your IT department this way, you’ll also be able to focus your energies on the important tasks needed for your organisation to operate optimally, and your business to thrive.
Contact us at Cloud Managed Networks to discuss your business goals, network needs and security strategies.
We are a manufacturer-agnostic firm dedicated to helping our clients lay the IT infrastructure needed to have a highly efficient, optimally working, secure network today – while laying the foundation to achieve their long-term business goals. Our focus is on helping you achieve your objectives in the most effective manner, while being respectful of your budgets. We have experts on staff, or within our extensive partner network, to ensure the best solution and approach are taken. We’re also happy to offer you advice, without cost or commitment, if you simply need expert input.