The past year has seen many hard-hitting ransomware headlines thanks to the likes of WannaCry and NotPetya, with an increasing number of companies being affected.
Despite this, outdated security software and procedures remain prevalent amongst many of the biggest companies in the world, mainly due to the cost implications. However, when you look at the true cost of dealing with a data breach, that price is a small one to pay.
The first six months of 2017 saw more data lost or stolen than throughout the whole of 2016 – a total of 1.9 billion compared to 1.37 billion in 2016. Each time one of these breaches hits the headlines, it inevitably creates a flurry of stories about the affected company and its customers, and results in two types of cost: direct and indirect.
Direct costs are expenses directly attributable to post-breach activities, whilst indirect costs are those which arise as a result of the breach, such as the loss of customers.
Every data breach is different, but Ponemon has identified the average cost of a breach as $3.62 million in its 2017 Cost of Data Breach study, and certain industries can have more costly breaches.
However, it is almost as important to consider those indirect costs which can also affect a company’s chance of rebounding from a cyber attack. Some examples of these could be:
• Litigation – The first, and most obvious, of these costs comes in the form of legal action, with many customers and victims seeking monetary compensation, even when financial losses cannot be quantified.
• Damage to company databases – According to the Ponemon Cost of Data Breach study, the US has some of the highest post-breach response costs, which include the cost of repairing and remediating a company database once it’s been hacked.
• Reputational damage – One of the biggest impacts following a data breach is the effect on the company’s reputation. Research has shown that up to a third of customers in retail, finance and healthcare will stop doing business with organisations that have been breached. In addition, companies that have experienced a breach often see an increased cost when it comes to acquiring new customers.
The fact is, malicious actors are here to stay for the foreseeable future, and they don’t discriminate when choosing their victims. The long-term damage caused by a breach can be mitigated by how the company reacts, but organisations should audit their security protocols and solutions regularly whilst also weighing the cost of replacing outdated systems against the expense of such a data breach. In the meantime, there are ways in which an organisation can protect itself:
• Use a product which offers a warranty for its protection technology.
• Go beyond signature-based detection. Invest in behavioural detection in combination with machine learning based on AI, which will identify the malware’s path and take the necessary steps to protect the organisation.
• Invest in employee education. Training employees to identify malicious emails and files will help prevent an organisation from becoming a victim of an attack.
• Apply patch updates regularly or deploy technology which removes the need for manual updating. This technology works by automatically identifying vulnerable applications and deploying the latest updates as they become available.
• Implement a regular backup process using a simple ‘one touch’ rollback system to allow organisations to automatically roll back and regain access to their data.
Until organisations take control of their security solutions and make these efforts a priority, the possibility of becoming the next big headline will continue to loom.
Sourced by Patrice Puichard, senior director EMEA, SentinelOne