Advanced Technologies will Enable Enhanced Security

Advanced Technologies will Enable Enhanced Security

CEOInsights Team, 0

Prashant Bhatkal, Security Software Leader, IBM India/South Asia rightly quoted that India is witnessing a change in the nature of cybercrimes. The crimes nor are extremely organized and collaborative with rising incidents of phishing attacks, social engineering attacks and more. According to the latest IBM Security global study that examined the financial impact of data breaches, reveals that such incidents cost companies $3.86 million per breach on average, and that compromised employee accounts were the most expensive root cause. And when it comes to India, the average total cost of data breach was Rs.140 million, an increase of 9.4 percent from 2019.

The report also reveals that the cost per lost or stolen record in the 2020 study in India was Rs.5,522, which increased 10 percent compared to last year. 53 percent of data breaches in the country were caused by malicious attacks. While identifying and mitigating such data breaches at the earliest is the only remorse once attacked, India doesn’t seem to be doing that great here! While the average time to identify a data breach increased from 221 to 230 days, the average time to contain a data breach increased from 77 to 83 days. If you think about the top three causes of data breaches, they are malicious attack (53 percent), system glitch (26 percent) and human error (21 percent).

Prashant adds, “The hybrid work environment has further brought about a dynamic change in the way organizations look at their security posture. While companies are being aware of the importance of cybersecurity solutions, we witnessed a 9.4 percent rise from last year in the total cost of data breach. Further, those with fully deployed security automation were able to detect and contain a breach more than 27 percent faster than those with none.” He continues, “Risks that we have been talking about for years, like password reuse, not patching, and improperly configured cloud infrastructure are major cost exacerbators in a breach, which are more financially damaging. In the SMB space, organizations are re-evaluating their risk management plans and planning to incorporate digital security into their various programs to build Digital Trust. In the enterprise space, while organizations have built some basic digital trust programs, they are looking at the modernization of their systems by adopting AI-driven security solutions. They are also looking at ways to migrate easily from one platform to another without compromising on security. There are also modernization projects of existing tools to measure scalability, cloud-readiness, and their compatibility to automatically leverage AI and orchestration capabilities to reduce the dependencies on human intervention”. Prashant
suggests that as organizations look to expand their digital foot print, technologies like automation, AI and cloud can help address skills gap, and support the security team to focus on larger issues.

The Global Outlook
The picture is not good across the world either. The report, which is based on in-depth analysis of data breaches experienced by over 500 organizations globally, highlights that 80 percent of these incidents resulted in the exposure of customers’ personally identifiable information (PII), which was one of the costliest to businesses. Another IBM study found that over half of employees new to working from home due to pandemic were not been provided with new guidelines on how to handle customer PII, despite the changing risk models associated with this shift.

The report also brings to fore other factors. Companies who have deployed smart tech like security automation technologies experienced less than half the data breach costs compared to those who didn’t have ($2.45 million vs. $6.03 million on average). The cost of premium for compromised credentials also spiked drastically. In incidents where attackers accessed corporate networks through the use of stolen or compromised credentials, businesses saw nearly $1 million higher data breach costs compared to the global average – reaching $4.77 million per data breach. Exploiting third-party vulnerabilities ranked as the second costliest root cause of malicious breaches for this group.

Even the mega breach costs soared by millions, from $388 million to $392 million in last one year. Beaches were 40 to 50 million records were exposed cost companies $364 million on average. The report also mentions that the nation state attacks were the costliest, compared to other threat actors examined in the report. The state-sponsored attacks averaged $4.43 million in data breach costs, surpassing both financially motivated cybercriminals and hacktivits.

“When it comes to businesses’ ability to mitigate the impact of a data breach, we’re beginning to see a clear advantage held by companies that have invested in automated technologies,” said Wendi Whitmore, Vice President, IBM X-Force Threat Intelligence. “At a time when businesses are expanding their digital footprint at an accelerated pace and security industry’s talent shortage persists, teams can be overwhelmed securing more devices, systems and data. Security automation can help resolve this burden, not only enabling a faster breach response but a significantly more cost-efficient one as well.”

But at the times when CISOs are vested with limited decision making power, how fair is it to hold them responsible for such breaches? An astonishing 46 percent of IBM Study respondents despite only 27 percent stating the CISO/CSO is the security policy and technology decision maker. In an interesting twist, the study mentions that while US continued to experience the highest data beach costs globally ($8.64 million on average), Scandinavia experienced the biggest year-on-year increase in breach costs (nearly 13 percent rise). The healthcare sector continued to incur the highest average breach costs at $7.13 million (10+ percent rise to last year).