Cyber Resilience

IBM Cost of a Data Breach Report

Skills (and Visibility) Gaps Widening

Data Breaches and Costs are on the Rise!
Global research conducted by the Ponemon Institute for IBM’s 19th Cost of Data Breach Report found the average cost of incurring a breach reached $4.88 million this year, a 10% jump versus the previous year’s report and the biggest increase since the height of the pandemic. This blog summarizes the factors contributing to the accelerated growth in breach costs and what the report recommends doing to fight back (and yes, it involves AI).
 
Leading factors that amplified breach costs included security system complexity, a lack of cybersecurity skills, and third-party breaches, which can include supply chain attacks.  

IT Failures and Human Error Cause Nearly Half of All Breaches

    While external attacks and insider threats made up 55% of all breaches, nearly one-quarter (23%) were due to IT failure and another 22% to human error – a total of nearly half. That’s not very surprising when you consider that humans play a role in most credential-based attacks, revealing their coveted passwords through social engineering exploits or getting duped into entering them into bogus account sign-in pages.

    Companies continue to invest millions in educating users to spot phishing emails and other attempts to bypass security controls, but training, even backed by email and endpoint security, doesn’t seem to be enough.

    AI-Powered Risk Gets Real

    Humans still represent the biggest wild cards for security teams, but the increased use of artificial intelligence (AI), and generative AI tools like ChatGPT in particular, also appears to be contributing to the accelerated growth of breach costs.

    The analogy may feel mean, but AI may very well be the ‘pandemic’ of 2024 in terms of driving breach costs higher, and there are some key similarities. Organizations and rogue individuals within organizations continue to move ahead quickly with finding new uses for AI, just like IT departments moved forward quickly with remote work and digitalization in 2021. AI expands the enterprise’s digital attack surface and gives threat actors a powerful force-multiplier for launching cloud-speed attacks, just like we saw a few years ago.

    The kicker? Other research from the IBM Institute for Business Value (IBM IBV) found that just 24% of these AI initiatives currently get secured.

    Enter ‘Shadow AI’

    More than a third of data breaches involve some form of shadow data from unmanaged sources, and now we have ‘shadow’ AI. This occurs when employees’ use of gen AI flies under the radar of IT teams. Unmanaged and unsanctioned by IT, shadow data occurs when users feed AI tools through unauthorized applications or upload data to unofficial cloud buckets. The report found that breaches involving shadow data lasted longer and led to higher breach and recovery costs. Unencrypted data, including data found in AI workloads, further increases the risk.

    According to the report, the widespread adoption of gen AI tools will bring new risk that adds to the strain on notoriously overburdened cybersecurity teams. Which brings us to another key point:

    Skills Gaps Compound the Problem (As Always)

    Cybersecurity skills shortages have become a case of “what else is new?” But there seem to be some nuances.

    This year’s IBM study showed more than half of breached organizations faced ‘severe’ security staffing shortages and that the skills gaps widened at a faster pace versus the year before. In other words, there are relatively fewer trained security experts to go around as AI adds speed, sophistication, and scale to modern attacks.

    The News Wasn’t All Bad

    More than 75% of organizations that had fully recovered said the process took longer than 100 days. The bulk of that time elapses before defenders become aware of attacks. The ‘good news’ here is that security teams were the ones to identify a breach 42% of the time, followed by benign third parties at 34%. This figure marked a significant improvement compared with the 2023 report, which showed security teams discovered breaches only one-third of the time. The change shows security teams were able to speed up detection, thanks in part to using AI themselves on the defensive side:

      Among the factors that decreased the cost of a breach, AI and machine learning insights ranked second only to employee education, followed closely by the use of a SIEM (a definite plus for IBM), IR planning, and encryption.

        Visibility Helps On All Counts

        With the exception of training employees, the security strategies that reduce the cost of breaches all have one thing in common: they require reliable, complete visibility of the network, right down to the traffic packets. Digitalization does not necessarily translate into visibility of an asset, or of lateral movement through your network to get close to it.

        Many organizations now operate systems in the cloud and on-prem, use multiple SaaS services, and support some percentage of employees that work remotely. Many maintain incomplete or out-of-date inventories of assets and data, which makes it harder to pinpoint threats and validate that data has been breached.

        Better Visibility = Fewer Delays = Lower Breach Costs

        Security teams should ensure they have comprehensive visibility into all their environments, anywhere users, devices, and data reside and connect. That visibility starts with tapping network data right from the network – copying actual packets – and grooming traffic for efficient analysis by performance and security monitoring solutions from Forescout, Riverbed, ExtraHop, Cisco, and IBM themselves.

        “Grooming” traffic for efficient analysis by tools can begin with decrypting traffic – actually offloading this processing-intensive task from firewalls and other security elements – removing duplicated data and unwanted headers, and adding rich metadata about applications to help identify and investigate threats.

        Visibility must span all areas, including public clouds, and give security teams a deeper understanding of the specific risks they face.

        Visibility = Faster Response and Recovery Times

        IBM defines a business as being “recovered” once the following happens:

        • Operations get back to normal in affected areas
        • Compliance obligations, such as paying fines, are met
        • Customer confidence and employee trust have been restored
        • New or better controls, technologies, and expertise have been put in place to prevent future breaches

        Best-practice network visibility has been shown to reduce mean-time-to-repair (MTTR) by up to 75% in some cases, and also improves utilization and performance of monitoring and detection tools used to pinpoint the source of threats.

        Visibility Aligns With Zero Trust Which Aligns With Zero Breach Costs

        Keysight and a host of other security companies have been saying it for years: you can’t protect what you can’t see. That’s still true, and it’s more important than ever with workforces, data, and even security teams more geographically dispersed than ever.

        Visibility does all kinds of good things, but of note here is its foundational role in improving security and lowering the odds and cost of incurring a data breach. To learn more about how network visibility acts as a force-multiplier for your world-class cybersecurity practice, visit getnetworkvisibility.com.
