For the last few years, Ponemon Institute has published detailed reports on data breaches. The most recent report, published in 2018, explores the direct and indirect costs of an incident.
A data breach, as defined in the report, is an event where an individual's name, medical records, financial data, or payment cards are potentially placed at risk. These breaches tend to be the most damaging, but that doesn't mean that the release of a company's intellectual property, customer list, quotes and invoices can't also financially impact an organization.
According to the report, Canada has the highest direct costs per compromised record. On average, a Canadian business will spend $81 per record on forensics, legal fees, and identity theft protection for its clients. Canadians also have the highest average per capita costs: the indirect costs of a compromised record average $231.
Additionally, when the company is involved in a cloud migration at the time of the breach, the costs of the data breach increase by $12 per compromised record.
Typically, data breaches involve thousands — if not hundreds of thousands — of records. If you look at the costs per record in resolving a data breach and the factors that increase and decrease such costs, the aggregate costs are considerable.
How do data breaches happen?
There are several methods used by attackers to gain access to systems and their data.
The most common are:
An exploit: An attack that takes advantage of known software bugs or vulnerabilities to gain unauthorized access to a system or its data.
Spyware: A type of malware that infects a computer or network and steals information about you, your computer usage, and any vulnerable data that it can access.
Phishing: Attacks usually in the form of emails that have been "spoofed" to look like they're from a trusted vendor, coworker, or management. These emails ask the recipient to share sensitive information like usernames or passwords, or redirect to a website posing as a trusted vendor that asks the user to log in.
Misconfigured hardware: Routers, servers (e.g. mail, RDP, web), cameras, etc. that are incorrectly configured to allow access to external parties without proper authentication.
How do we protect ourselves?
The Ponemon report highlights the need for an organization, along with its IT support team, to perform regular and/or ongoing audits of its systems and third-party service providers.
Furthermore, it’s been our experience that proper user training on security and phishing also drastically decreases incidents and their associated costs.
Most importantly, hardware and software must be kept up-to-date with the latest security patches and firmware.
This is an often overlooked attack vector, as many companies don't perform regular updates due to time or cost constraints, or because they abide by the "if it isn't broken, don't fix it" mentality. Unfortunately, these unpatched applications, servers and routers are exactly what a cyber criminal is looking for within your network.