Cloud 101CircleEventsBlog
Master CSA’s Security, Trust, Assurance, and Risk program—download the STAR Prep Kit for essential tools to enhance your assurance!

Data Breaches Are A “When,” Not An “If.” Here’s How You Can Prepare.

Published 10/04/2022

Data Breaches Are A “When,” Not An “If.” Here’s How You Can Prepare.

Originally published by PKWARE here.

Cyber attackers have spent considerable time and resource to develop cyberattack methods that evade detection. Which means a focus on complete attack prevention may be unattainable—or if attainable, not sustainable for very long.

Cyber criminals are becoming increasingly organized, with increasingly sophisticated attack methods. For most organizations, this means it’s less a question of if a cyber-attack happens, but when. Adopting this approach adds an additional layer of protection beyond boundary control aimed at keeping threat actors out of your data, and begins including the extra measure of protection of making any data obtained unusable to anyone outside the organization.

Faster Identification and Containment

Organizations that use security AI and automation experienced on average an 80 percent reduction in cost of breach, largely due to their ability to more quickly identify and contain the breach. Organizations with fully deployed security AI and automate averaged 247 days total to identify (184 days) and contain (63 days) a breach.

While a shortened time to resolution certainly reduces the ripple effects and overall costs of a data breach, other protection methods can mitigate issues by ensuring that data remains in a state that renders it unusable to hackers and threat actors. For example, IBM’s most recent Cost of a Data Breach Report found that high standard encryption was a top mitigating cost factor. Without decryption capabilities, encrypted data is worthless. While customers and data compliance regulators must be notified of the breach, consumers may yet retain confidence in the business despite the breach if they know their data remains protected and inaccessible even in the wrong hands.

Other security tools can also come into play at keeping the ripple effects of a data breach to a minimum. Companies with remote workers could see data breach costs increase by $1.07 million; unified endpoint management is identified as a solution for protecting and monitoring endpoints and remote employees. And with many businesses using multiple systems to accomplish their day-to-day business activities, security tools that can share data across disparate systems can also play a key role in minimizing the effect of a data breach.

Increase Visibility and Plan for Failure

The complexity of today’s cyber environments—from hybrid environments spread across locations and teams to remote and hybrid work—all but guarantees the inevitability of a data breach. Navigating this inevitability means shifting focus from breach prevention to breach management. Essentially, cybersecurity teams should plan for failure: Assume your organization will at some point suffer a breach and put measures in place (automation, encryption, etc.) that can limit the widespread effects.

Reducing the impact and ripple effect of a data breach starts with increasing the level of visibility into networks, cloud services, and endpoints. Surveyed IT professionals reported their organizations have, on average, 750 endpoints in use on any given day. That alone can feel like an overwhelming number of places for data to hide, but then factor in servers, cloud, data repositories, and data lakes, and security teams face an enormous challenge in finding and protecting data everywhere it is stored, used, and sent. The recent State of Data Security 2022 Report found that only 8 percent of organizations could confidently find every piece of sensitive or critical data across their environments. Which means that 92 percent of organizations are still looking for their sensitive data, or may only know where it was stored after the environment has been attacked and the data stolen.

Want to read more? Download our complimentary ebook, How Much Can You Lose in A Cyber Attack? The Ripple Effect of A Data Breach.

Share this content on your favorite social network today!