The Real Cost of a Data Breach & How to Keep Business Data Safe
Verizon claims companies pay just $ 0.58 cent for a lost file. EMC believes data loss costs businesses up to $ 1.7 trillion annually. When it comes to the average cost of a data breach, researchers are yet to reach common ground. The recent surge in cyberattacks involving compromised IoT devices and outdated enterprise software proves one thing: a forward-thinking businessman can’t be too serious about data security. What are the top causes of data loss, how can your company prevent data breaches and how much does data loss really cost your company? Read on to find out!
Verizon claims companies pay just $ 0.58 cent for a lost file. EMC believes data loss costs businesses up to $ 1.7 trillion annually. When it comes to the average cost of a data breach, researchers are yet to reach common ground. The recent surge in cyberattacks involving compromised IoT devices and outdated enterprise software proves one thing: a forward-thinking businessman can’t be too serious about data security. What are the top causes of data loss, how can your company prevent data breaches and how much does data loss really cost your company? Read on to find out!
Top 3 causes of data loss
As more businesses acknowledge the fact that new data environments are extremely difficult to protect, the social awareness around cybersecurity and data loss has reached the historic high. According to Gemalto’s recent survey, the total amount of stolen and compromised records in the first half of 2017 increased by 164% (compared to the last half of 2016).
Although the average cost of a stolen record which contains confidential or sensitive data has decreased by $ 17 over the same period and is now estimated at $ 141, companies are dealing with larger breaches (24+ thousand records) these days and therefore bear larger losses.
So, what are the reasons behind the world’s biggest data breaches?
- Outdated IT systems. 50% of enterprise applications contain at least one documented security flaw. Last year the WannaCry cryptoworm, for instance, infected over 200 thousand PCs running older versions of Windows that were no longer patched by Microsoft. In 2016 Dyn DDoS attack was triggered by the Mirai botnet made up of compromised IoT gadgets including baby monitors and video cameras and brought thousands of websites down; among the businesses affected by the attack were Netflix, Amazon and Airbnb. Following the attack, 14 thousand customers (that’s about 8% of Dyn’s total customer base) decided not to use the company’s services anymore;
- Lack of corporate security standards. These include unclear Bring Your Own Device (BYOD) requirements, the lack of employee screenings preventing insider theft, user errors resulting in accidental data loss and phishing attacks, as well as companies’ failure to encrypt sensitive data and conduct data back-ups on a regular basis. According to Identity Theft Resource Center, human error alone caused 8.7% of all data breaches registered through 2016;
- Malware attacks. Hacking, phishing, and skimming accounted for over 55% of all data breaches last year. Through 2017, ransomware attacks surged 250% and caused over $ 5 billion in damage. By the way, it will take your company 196 (!) days to fix a high-severity vulnerability like Cross-site Scripting or SQL injection if an attack actually takes place.
Among other factors which affect business IT infrastructure security and lead to serious data breaches we should also name the use of open-source and reusable code (such as libraries and plugins that are no longer patched by their vendors), wrong technology stack and software architecture choices made at the early stages of the development process and short IT projects timeframes which leave developers less time for Quality Assurance (QA) and bug fixing.
The real cost of a data breach revealed
Obviously, the damage caused by downtime and actual data loss is just the tip of the iceberg. What really matters is the impact on employee productivity and your corporate reputation.
When your enterprise network is compromised, your employees have to work offline; instead of classic downtime which costs small and medium-sized companies around $ 8 thousand per hour, you get “slow time” – and this might be even worse since you still pay salaries and network services bills. Also, there’s data recovery which is typically measured in days rather than hours. Subsequently, you get extended project timelines and time to market, which affects your future ROI. Also, there might be legal complaints filed by your consumers and federal authorities.
Keeping your data safe: tips from Sirin Software
There are several ways to protect your business data:
- First of all, you should determine what types of data need protection the most and secure the software dealing with it;
- Second, you should address an experienced QA provider to conduct a proper inventory of your enterprise apps and detect its vulnerable components (including those of third-party plugins and libraries);
- Develop a corporate security policy covering BYOD implementation standards and security best practices preventing accidental data loss and software infection;
- Prioritize security risks and address them accordingly;
- Invest in new security technologies.
Here’s an example of data loss prevention and corporate security management done right.
Our customer – one of the leading EU banks with over 10 thousand employees – addressed Sirin Software to create a cloud-based platform which would analyze incoming and outgoing traffic and detect suspicious network activity. Our team has developed the IP Analyzer and Probe platform that processes and analyzes traffic through the central server. Its technology stack includes Linux and C/C++, as well as several communication protocols (SMTP, HTTP, IMAP, etc.) which ensure safe data transmission. Besides traffic analysis, the IP Analyzer platform does troubleshooting with little to no human interference. The solution also features a web-based admin console which allows our customer to manage user data and change the platform’s settings if required.
Had Dyn made use of a platform like this, the infamous DDoS attack would’ve never taken place!
In a world where more and more business data is digitalized and the cost of data loss and breaches is expected to top $ 2.1 trillion by 2019, companies that continue to ignore security threats are doomed to failure. In case you don’t want to be one of those companies, make sure to visit our Contacts page and tell us your story. As a prominent vendor with over 30 successful IoT projects up our sleeve, we know how to protect your data and ensure your success!