With the massive rise in IT jobs and the increased focus on cybersecurity, you would think that companies would have their cybersecurity game down pat by now.
Protecting your company and your customers’ information is priority number one.
All it takes is one data breach and your business loses the trust of customers
and your employees.
While cybersecurity is a hot topic right now, every day, there seem to be more and more news stories about data breaches and leaks.
From large companies to even highly touted IT firms protecting high-end clients.
In this blog post, we will look at some of the reasons why organizations are having such a hard time keeping their data safe.
We’ll also discuss some of the steps businesses can take to improve their security posture and reduce their risk of being hacked.
Breaches Costs You… Big Time
A new report from Forrester Research, has some alarming recent statistics that will scare businesses that secure and store data online.
According to the report, more than 60% of companies and organizations experiencing an online data breach in the last 12 months.
A data breach can be anything. From private information your customers trusted you with — like credit card numbers or email addresses — to company trade secrets that give your business a competitive advantage.
If a breach of private business data wasn’t bad enough, the global price tag to fix these breaches has now skyrocketed to 2.4 million dollars per breach.
That number jumps to 3 million if the company doesn’t have the IT systems to respond immediately to the breach.
Tracking Down the Problem Isn’t Quick
It’s not easy to discover where in your IT system a intrusion could happen.
Trying to track down what loophole the perpetrators could find vulnerable is also difficult.
According to the Forrester report, it takes most companies, on average, 38 days to discover, destroy, and recover from the breach.
The report might make you say, “My IT department will be ready if an attack happens”
While they may seem ready, it will quickly come apparent if a plan isn’t in place.
Organizations that did not have the preparatory action in place in case of the breach took almost double the amount of time, 62 days, to fully recover from the attack.
Recovering isn’t a walk in the park for your company’s wallet.
The average cost of a North American company’s recovery period from a breach is around $3 million.
Being unprepared costs you an extra $1 million bringing that total to $4 million.
Tracking Down the Problem Isn’t Quick
It’s not easy to discover where in your IT system a intrusion could happen.
Trying to track down what loophole the perpetrators could find vulnerable is also difficult.
According to the Forrester report, it takes most companies, on average, 38 days to discover, destroy, and recover from the breach.
The report might make you say, “My IT department will be ready if an attack happens”
While they may seem ready, it will quickly come apparent if a plan isn’t in place.
Organizations that did not have the preparatory action in place in case of the breach took almost double the amount of time, 62 days, to fully recover from the attack.
Recovering isn’t a walk in the park for your company’s wallet.
The average cost of a North American company’s recovery period from a breach is around $3 million.
Being unprepared costs you an extra $1 million bringing that total to $4 million.
Global Comparison
Global Comparison
North American companies have always been the gold prize for most hackers looking for a quick buck. But tons of organizations worldwide struggle to keep their defenses ready for an attack.
According to the Forrester report, North American firms saw a little better defense against breaches. 59% responding to a breach in the last 12 months. The worldwide average on the other hand is 63%.
Businesses in Europe and Asia-Pacific seem to have more overall preparedness than their North American counterparts.
It might be because it costs more to recover from a breach in these regions fully.
Forrester defined preparedness as “Having defined steps written down, known, and tested before an incident.”
They also highlighted that knowing your plan of action helps limit the amount of recovery days needed.
Are You Preparing for the Right Types of Breaches?
A poll conducted in the report may explain why some IT departments are having trouble protecting themselves.
Forrester polled both North American security decision-makers who have not suffered a breach and those whose data was compromised or breached in the past 12 months; it was eye-opening to see what each company was worried about losing.
The poll listed the following intrusion types as the top worry for those who haven’t yet suffered a breach.
53% — External attack targeting the organization
29% — Internal incident within the organization
14% — Attack or incident involving a business partner or third-party supplier
4% — Lost or stolen assets
While the polling numbers make sense, the same question asked to organizations that have had a breach in the last 12 months paints a much different story:
29% — External attack targeting our organization
27% — Internal incident within our organization
21% — Attack or incident involving our business partners/third-party suppliers
23% — Lost or stolen asset
From this information, it’s clear that many companies focus too heavily on external attacks and not enough on what’s happening internally.
Are You Preparing for the Right Types of Breaches?
A poll conducted in the report may explain why some IT departments are having trouble protecting themselves.
Forrester polled both North American security decision-makers who have not suffered a breach and those whose data was compromised or breached in the past 12 months; it was eye-opening to see what each company was worried about losing.
The poll listed the following intrusion types as the top worry for those who haven’t yet suffered a breach.
53% — External attack targeting the organization
29% — Internal incident within the organization
14% — Attack or incident involving a business partner or third-party supplier
4% — Lost or stolen assets
While the polling numbers make sense, the same question asked to organizations that have had a breach in the last 12 months paints a much different story:
29% — External attack targeting our organization
27% — Internal incident within our organization
21% — Attack or incident involving our business partners/third-party suppliers
23% — Lost or stolen asset
From this information, it’s clear that many companies focus too heavily on external attacks and not enough on what’s happening internally.
What Forrester Discovered from This Poll
What Forrester Discovered from This Poll
Most IT security for many of these businesses feel like they have a good pulse on what is going on.
An analyst with Forrester’s Security and Risk group, Allie Mellen, says that the statistics paint a different picture.
“Typically, what we see is that concern [over external attackers] fuels a lot of decisions, but it’s not the case that a breach that comes through a third party is going to cost you any less,” Mellen says.
“We get that companies are worried about external attacks, but there are other aspects of this that they should be dedicating [their] time to.”
The best way for many of these IT departments to be ready for an attack is to be proactive.
Look at their data, measure their incident response and management capabilities, and use metrics to improve over time.
“Following the metrics is really important if you want to improve your strategies,” Mellen said. “The right metrics can help you identify your own biases and push beyond them.”
The Future of Protection
The Future of Protection
It is vital for all companies, no matter their size, to be aware of the current state of online security and take action to protect themselves better.
As the world continues to digitize, the number of cyberattacks will grow.
Being prepared for a breach is more important than ever, especially for multinational corporations. Needing to look hard at the different regions in which they conduct business.
Organizations should adapt based on regulations, incident costs, and threat landscapes unique to the regions that impact their operations.
Forrester’s report shows that many organizations struggle to protect themselves and their online assets.
By being aware of the current state of affairs and taking the necessary steps to improve security posture, companies can minimize the chances of falling victim to digital attacks.
Share This Story, Choose Your Platform!
Let’s have a 15-minute video call
We are now taking on new clients.