Data breaches

In 2017, a study by the Ponemon Institute called the Cost of Cyber Crime Study showed that the average cost of a data breach is currently $3.62 million globally, which is actually a 10% decline from 2016.

Data breaches may involve the leaking of sensitive corporate documents, technical blueprints, intellectual property, trade secrets, or even emails. This has always been massive in number and has an even bigger impact on businesses. Sophisticated attackers are capable of weaponizing malware highly tailored for the target and they are also managing to deliver the malware silently. 

As per Mandiant's M-Trend 2017 report, most victim organizations were notified about the breach by people other than their own staff. More than 53% of breaches were discovered by an external source. Organizations should have a proactive breach management plan to detect the breach before getting notified by an outsider. The earlier it is detected, the more money organizations can save. The Ponemon Institute also suggested that organizations should aim to identify a breach within 100 days. The average cost of detecting a breach within this time is $5.99 million, but for those who don't have the tools to detect this, the average cost rose to $8.70 million. There are several ways data breaches happen, and the following are some of the most common reasons:

• Malicious attacks: Adversaries can launch a malware or malware-less attack, leveraging application vulnerabilities to exfiltrate sensitive information.
• Weak security systems: Attackers have became more advanced and persistent in nature. Attackers can use stolen credentials to look like legitimate users in the network and hence bypass existing security systems such as firewalls, intrusion prevention system (IPS), and endpoint security. 
• Human error: As per a Verizon Data Breach investigation report in 2017, 88% of data breaches involve human error. Human error is something that all organizations have to deal with.