Preventing data breaches is becoming an increasingly complex problem for organizations, and the average cost of a breach continues to rise. According to the latest Cost of a Data Breach Report, the average cost for the organizations studied in 2019 was as high as $3.92 million. Although protecting data is an important part of network security, the probability of being breached is also increasing. This puts pressure on security teams to plan for what appears to be an inevitable breach.
Although organizations may have obvious concerns about these trends, the Cost of a Data Breach Report offers some encouraging news: incident response is effective in reducing the cost of a data breach. So how do you reduce the cost of a data breach after a security incident?
The Cost of a Data Breach Report studies hundreds of factors that affected the breach costs of more than 500 enterprises during a 12-month period in 2018 and 2019, including detection, notification costs, regulatory fines, legal costs and lost business. The benefit of this study is that it lets us understand how these different factors affect costs, for better or worse.
At the IBM X-Force Incident Response and Intelligence Services (IRIS) team, we say that the ability to respond quickly to security incidents and limit their impact is the difference between a controllable disaster and a far-reaching one. In other words, time is money. The data seem to prove that.
The 2019 report shows that one of the main factors affecting the cost of a data breach is the time it takes to detect and contain the breach, the so-called data breach life cycle. In 2019, the average breach life cycle in the study was 279 days, but organizations in the study with a breach life cycle of less than 200 days had costs about $1.2 million lower ($3.34 million versus $4.56 million), 37% less than organizations with a breach life cycle of more than 200 days.
According to the research, the factors behind the cost difference include the type of breach. The most expensive breaches are those caused by malicious attackers (whether external or internal), and breaches caused by malicious attackers take longer to identify and contain (314 days on average, compared with the overall average of 279 days). This may be because the longer it takes to identify and contain a breach, the more time attackers have to move around the system and cause damage, and the higher the cost of investigating the breach and cleaning up the damage.
This is especially true of destructive attacks, including ransomware, such as the multibillion-dollar NotPetya outbreak in 2017 or the recent LockerGoga attacks. The latest X-Force IRIS report on destructive attacks examined the costs incurred by IRIS customers that suffered these attacks. The average cost faced by large multinational companies was $239 million, 61 times the average cost of a data breach.
Of the 26 factors investigated in 2019, the two that did the most to reduce the total cost of a data breach both involve incident response. Establishing an incident response team was the top cost-reducing factor, lowering the average total cost of a data breach by $360,000 (an adjusted average cost of $3.56 million, against an overall average of $3.92 million). Next, extensive testing of the incident response plan lowered the average total cost by $320,000 (an adjusted cost of $3.6 million).
Most impressively, the study found that the average total cost for surveyed organizations that had both an incident response team and a tested incident response plan was $3.51 million, while the average total cost for surveyed organizations that had neither an incident response team nor a tested plan was $4.74 million.
That is a saving of $1.23 million, or 35%. My conclusion from this finding is that having an incident response team and an incident response plan is the baseline. To really reduce response time and the time it takes to contain a cyber attack, and thereby reduce the total cost of the attack, you should rehearse the entire script over and over again until the team knows it by heart.
Prevention is not a long-term solution, so preparation and planning are necessary to help minimize the impact of security incidents. To this end, we suggest the following five ways to reduce response time and minimize the financial and reputational losses caused by a data breach.
Effective incident response depends on making a plan, testing it, finding out what does not work and adjusting the plan accordingly. But your plan is only as good as the people who carry it out. Teams need to practice leadership, communication and decision-making skills so they can deal with the most difficult situations. Tabletop exercises can help, but a team may have more success building emotional and physical responsiveness in a simulated environment, such as a cyber range.
You should automate your response as much as possible through technology, including enterprise detection and response tools that can help automate orchestration. The Cost of a Data Breach Report found that security automation can help the organizations studied reduce data breach costs by 50%. In 2019, the average cost of a data breach for organizations that had fully deployed security automation was $2.65 million, compared with $5.16 million for organizations that had not deployed security automation.
In the 2019 Cost of a Data Breach Report, 51% of the breaches at the organizations studied were caused by malicious or criminal attacks. Threat intelligence can help you understand the different motives, capabilities and intentions of attackers, so that you understand your risks and make more effective security investments.
In the 2019 Cost of a Data Breach Report, lost business was the largest of the four major cost categories studied, more expensive than post-incident response costs such as detection and escalation, notification, and legal costs. You do not want to add to that the expense of recovering data or systems damaged by an outage or a destructive attack. Organizations should store backups offline, where they cannot be reached from the primary systems, so that attackers cannot destroy them.
If your incident response team is unprepared or overwhelmed, consider evaluating incident response service providers, who can step in and help you deal with complex security incidents such as destructive attacks. Incident response leaders can help you not only contain an attack, but also remediate and recover, and get your business running again. When you really need help, there is nothing embarrassing about asking for it, especially considering the cost of a wrong response.