For the first time in a long time, the average data breach cost has declined 10% globally, according to the latest numbers from the Ponemon Institute’s 2017 Cost of Data Breach Study: Global Overview.
While breach costs are down globally, the US, Middle East and Canada saw rising costs
The overall cost of a data breach decreased to $3.62 million, down 10% from $4 million last year, and the average cost per lost or stolen record was reported as $141. However, while the overall cost of a data breach decreased, many regions experienced an increased cost of a data breach. Take the US for example, who experienced a five percent increase compared to last year, coming in at $7.35 million. The US is not alone in rising costs. Middle Eastern organizations had the second highest average cost of a data breach at $4.94 million – a more than 10 percent increase. And Canada is the third most expensive country for data breaches, costing organizations an average of $4.31 million.
Speed of containment effects the bottom line
Almost half of organizations who participated in the study (47 percent) identified the root cause of the data breach as a malicious or criminal attack. According to the study, on average, organizations took more than six months to identify a breach, and it took more than 66 additional days to contain a breach once discovered. However, what’s more alarming is the time to identify and the time to contain a breach were highest for malicious and criminal attacks; 214 and 77 days respectively. Factor in that almost half of the breaches studied were malicious in nature that doesn’t bode well for organizations given the ever-increasing volume of cyber crime attacks.
There is a bright spot. The study also showed that how quickly an organization contained a data breach had a direct effect on the financial impact. Case in point, the cost of a data breach was nearly $1 million lower for organizations that were able to contain the breach in less than thirty days. An article in HelpNet Security also noted that the “Speed of response will be increasingly critical as GDPR is implemented in May 2018, which will require organizations doing business in Europe to report data breaches within 72 hours or risk facing fines of up to four percent of their global annual turnover.”
Now is the time to start hunting if you haven’t already
If you’ve been on the fence about implementing threat hunting program these numbers should provide you with the business case to act sooner than later.
Enterprises need to proactively look for compromises to manage the breach detection gap – the period of time between infection and discovery, also known as dwell time.
The key steps that anchor this process are:
- Determine an acceptable “breach discovery window” for threats that have slipped through existing defenses; then
- Enforce it by proactively hunting for malware that has breached in order to discover it within the established window.
The following 4 key principles are helpful in navigating this process:
- Accept that malware and APTs will breach existing defenses
- Endpoints should be treated as untrusted until proven otherwise
- Any trust established is both finite and fleeting
- Endpoints need to be validated as malware free – anytime, anyplace.
The simplest way for enterprises to adhere to these principles, is to implement a threat hunting solution that can root out malware and threats that have breached defenses and are persisting undetected, and enforce the breach discovery window.
Infocyte HUNT offers organizations the ability to scan, find, and identify any suspicious software that has penetrated defenses – whether the malware is known or unknown, active or dormant. It’s automated discovery process allows you to quickly find threats and get to the business of incident response faster. And as the Ponemon data shows – the faster you contain incidents, the smaller the financial impact.