The impact of a data breach can be devastating to any size organization. Operations are disrupted, direct monetary losses can occur (e.g., ransomware), and businesses can be affected by the lost trust.
Because of the complex nature of technology and interconnectedness, most companies will face a breach at some point. According to IBM Security’s “Cost of a Data Breach Report 2022,” one or more breaches have impacted 83% of surveyed organizations.
The mix between where those breaches happen has also been increasingly moving to a split between on-premises and cloud infrastructure. Currently, 45% of breaches were cloud-based last year.
It’s important to properly prepare a facility to both mitigate and withstand a breach. The cybersecurity ideal is to avoid a breach altogether, however, if one does occur, the protective steps taken can also mitigate the costs. And costs are getting higher.
The global average cost for a data breach stands at $4.35 million. If you’re in the U.S., you pay significantly more. The average cost of a data breach in the United States is $9.44 million.
The report didn’t only bring bad news. It also provided plenty of insights into what organizations can do to lower those costs. For example, the first tactic below can decrease the cost of a breach by more than half.
Vulnerability management doesn’t need to be expensive. Review these tactics to see where your facility stands, and use them as a road map for your cybersecurity strategy in the coming year.
All statistics in this article come from the IBM Security report.
Create an Incident Response Plan & Test It
One way to reduce the cost of a data breach by more than half is to create an incident response (IR) plan. When organizations have an IR plan in place and regularly test and practice that plan, the average cost of a data breach reduces from $4.35 million to $1.69 million (a savings of $2.66 million).
You should have an incident response plan that lays out the steps to take for various types of cybersecurity incidents. Everything from a mobile endpoint attack to cloud storage being infected with ransomware.
Testing that plan is key because, during testing, the plan can be refined and made more efficient. Teams also become better at calmly and quickly implementing the steps of the plan in a real crisis because they’ve already been through it.
Implement Zero Trust
Using a zero trust security approach reduces the cost of a data breach by $1.51 million. Zero trust includes putting various tactics in place that remove many of the risks caused by blindly trusting users and applications simply because they’re logged into the network legitimately.
Some of the tenets of zero trust include vulnerability monitoring, multi-factor authentication, application safelisting, and program ring-fencing.
While a majority of organizations still haven’t adopted a zero trust approach, more are getting on board each year. The IBM Security report found that in 2020, 35% of companies said they had partially or fully deployed a zero trust architecture. In 2021, that percentage rose to 41%.
Image from IBM Security’s “Cost of a Data Breach Report 2022”
Use a Hybrid Cloud Approach
There are typically three types of cloud approaches that organizations and mission-critical facilities can use:
- Public cloud
- Private cloud
- Hybrid cloud
A public cloud program will be something like Microsoft 365. The cloud provider hosts the platform architecture and servers where the application and data are stored.
The private cloud is controlled by the organization. They may use a service like AWS to facilitate the backbone architecture, but the application and data are typically housed on servers owned by or completely dedicated to that organization.
The hybrid cloud approach is a combination of these two. Using that combination can reduce risk and lower the costs of a data breach by allowing your organization to detect and respond to it faster.
Organizations that used a hybrid cloud approach were able to detect and contain a data breach 48 days faster than companies using only the public cloud model, and 8 days faster than companies using only the private cloud model.
Protect Cloud-Hosted Databases
Companies are reliant on the cloud for the ability to share and access data across sites and devices. This necessitates organizations moving from an on-premises-only mindset to one that recognizes the vulnerability and volume of cloud-based data.
When companies used mature cloud security practices, the cost of a cloud-based data breach was lowered by $720,000, as compared to those with no cloud security practices.
Cloud security best practices include:
- Using a data classification schema
- Using data encryption
- Tracking compliance
- Getting expert help with cloud security configurations
Get Started with an Affordable Vulnerability Management Solution
Download a free trial of CyberWizPro today!