The point isn’t to guarantee the complete prevention of cyber incidents – it’s about raising the price of attacks for attackers, making an attack unaffordable, and not worth their while.
Most enterprises are on a path towards digital transformation, while over half of CISOs agree that this is the tech trend that will have the greatest impact on their organisation’s IT security, according to the results of research conducted by Kaspersky Lab.
There’s an inconvenient truth in the business community. As many business decision-makers are only too aware, hardly a week seems to go by without a data breach of some form being reported to the press, while we continue to witness major breaches that impact thousands of people worldwide.
We discovered last March that the data of 87 million Facebook users had been shared. Then, last June, Ticketmaster revealed that the login information, payment data, addresses, names and phone numbers of almost 40,000 people had been breached. And this was followed, in early September, by hackers breaking into the systems at British Airways, impacting 380,000 transactions.
When breaches happen – even if on a smaller scale than the examples cited above – they have brutal consequences. With new regulations like the GDPR taking hold, fines are also a big fear factor for business leaders. According to reports, Facebook’s fine for its part in the Cambridge Analytica scandal could have been 1.4 billion dollars in the post-GDPR world – a harsh sum even for a global giant like Facebook to fork out. Likewise, for small businesses, the prospect of paying up to four per cent of their annual turnover as a fine isn’t a fun one.
Are cybersecurity breaches unavoidable?
– According to our survey results, almost nine-in-ten (86%) CISOs believe that breaches are inevitable. Most enterprises are on a path towards digital transformation, with over half (52%) agreeing that this is the tech trend that will have the greatest impact on their organisation’s IT security over the next five years. Digital transformation widens the surface of attack, giving cybercriminals more opportunities to find weaknesses, creep into systems and leak or exploit data. Cloud adoption, the increasing mobility of workforces, and the rise in the use of digital channels are all contributing factors here, increasing the risks.
And this isn’t the only factor that CISOs are up against. What if a malicious insider – an employee perhaps – was to single-handedly work against a company, or even combine their efforts with those of an external attacker? This sort of threat could be especially difficult to identify and prevent in advance.
How to adapt?
– If breaching an organisation promises to bring substantial gains to the attackers, and those gains exceed the resources they need to organise the attack in the first place, then as far as the criminals are concerned, their efforts are easily justified.
It is becoming increasingly clear that businesses can no longer live in the prevention-only paradigm. That mindset is simply outdated and out of sync with how businesses operate today.
The point is not about guaranteeing the complete prevention of cyber incidents – it’s about raising the price of attacks for attackers, making an attack unaffordable, and thus not worth their while. When it comes to minimising the impact of targeted, highly elaborate attacks, detection and a comprehensive, timely response should be the priority.
It’s all about getting your perimeter and security team ready to immediately address any attempt to interfere with your organisation’s network. An average breach costs a large enterprise up to $1.23 million – but this cost will drop to a minimum, or even to nothing at all, if the necessary measures are taken. That sounds like a sensible business decision.