Running a business involves a lot of risk & reward.
Whether you develop a new product or introduce a new service, you’re putting yourself out there… taking a risk.
Whichever you choose, it’s bound to flop or succeed – risk/reward.
However, one aspect of business involves great risk and zero reward: a data breach.
That raises the question: “Are you doing everything you can to keep your company safe and secure?”
If not, then you’re in for a rude, expensive, and potentially devastating awakening, especially if you use a reactive approach instead of a proactive one.
What is a data breach?
Imagine that a thief breaks into your home, cracks your safe, and takes your credit cards, driver’s license, social security card, banking information, medical records, and all of your other sensitive documents.
Someone found a weakness in your home’s security, and exposed it, leaving you to feel violated, frustrated, and vulnerable.
Now, imagine that you’re in possession of that sensitive information not only for yourself, but for your entire team and all of your customers (which is likely the case).
That same thief, otherwise known as a cybercriminal, found a weakness in your company’s security via computer, infiltrated your infrastructure, and gained access to & extracted ALL of that data… you’ve been breached.
In 2018 alone, data breaches exposed 5 billion records.
I’ll bet those earlier feelings just multiplied exponentially, and a few others likely arose.
What causes a data breach?
According to IBM’s 2018 Cost of a Data Breach Study, three main root causes exist for data breaches:
Malicious or criminal attack – 48% of breaches
This occurs when an inside or outside actor – a.k.a. hacker – uses various attack methods to gather information from either a network or an individual.
Some of these methods include:
- Malware – using malicious software, such as spyware, ransomware, viruses, and worms to breach a network through a vulnerable spot;
- Phishing – sending fraudulent communications (generally emails) that appear to come from a reputable source;
- Eavesdropping (MitM) – attacking as a “man-in-the-middle” during a two-party transaction (e.g. over unsecured public WiFi connections);
- Denial-of-Service – flooding systems, servers, or networks with excessive traffic in order to exhaust resources and bandwidth;
- Structured Query Language (SQL) Injection – inserting malicious SQL code into a server, forcing the server to reveal information it normally would not;
- and, Zero-Day Exploit – attacking an already discovered vulnerability before it has been resolved.
Just one compromised record during a malicious or criminal attack in the United States costs businesses about $258.
Human Error – 27% of breaches
Hey, we all make mistakes, right?
Those mistakes result from negligence, carelessness, or lack of awareness – in other words, human error.
Untrained, uninformed employees can accidentally create havoc when it comes to cyber threats.
A few examples of human error are:
- sending sensitive documents to the wrong people;
- using weak passwords and not changing passwords often enough;
- disabling security settings on their network-connected computers;
- physically losing their unprotected mobile devices;
- sharing data via mobile devices.
In the United States, a human error costs about $203 per compromised record.
System Glitch – 25% of breaches
We know that. We see it every day.
However, when that technology malfunctions at a high level within a business, the results can be disastrous.
A sudden break in the continuity or functionality of a system (e.g. during a software update) may lead to long-term data exposure.
In 2017, a system glitch in a Michigan state computer system left nearly 1.9 million names and social security numbers exposed for nearly four months.
And, earlier this week, an unsecured database exposed 85.5 GB of security audit logs connected to Pyramid Hotel Group. It took over a month to discover the problematic server.
Each record exposed due to a system glitch in the United States costs companies around $210.
The Total Costs
A data breach involves various direct and indirect expenses.
According to the Global Cost of a Data Breach Report, there are four cost centers:
- Detection & Escalation: Activities that enable a company to detect and report the breach to appropriate personnel within a specified time period;
- Notification Costs: Activities that enable the company to notify individuals who had data compromised in the breach (data subjects), as well as regulatory activities and communications;
- Post Data Breach Response: Processes set up to help individuals or customers affected by the breach to communicate with the company, as well as costs associated with redress activities and reparation with data subjects and regulators;
- Lost Business Cost: Activities associated with cost of lost business including customer churn, business disruption, and system downtime.
Some companies stand to lose tens of thousands of dollars, while others endure losses in the millions.
In fact, the average total cost of a data breach is $3.86 million, and the per capita cost is continuously on the rise (up 4.8% from 2017).
The Right Support
Are you concerned about a cyber security breach? Do you have an incident response plan in place?
On average, it takes over 190 days to identify a data breach, and another 69 days to contain it.
Companies that contained a breach in 30 days or less saved over $1 million, compared to those that took over 30 days to resolve the issue.
It takes the right plan with the right team to keep your business safe and secure.