Cybersecurity is important for any business to focus on, as cybercrime continues to escalate. The average data breach costs $7.35 million dollar, a 5% increase in 2017 over the previous year. That is an average of $225 per lost or stolen record. Think about how many records your business stores and how costly a lack of security can be.
So how does an enterprise know if they are looking at their security correctly? MobileWare has pulled together the top ten mistakes companies make when looking at their security.
#10 Mistake: Believing you are not at risk
Equifax and Yahoo have been two of the largest companies to date who suffered data breaches. The consumer effect was massive. However, just because your business is not of that scale does not mean you are not at risk.
By Q3 of 2017, 3933 publicly disclosed data breaches had occurred. 600 breaches occurred in September alone, equaling 20 breaches per calendar day. It’s no longer if a breach will occur, but when.
#9 Mistake: Overlooking IoT
Endpoint access is guaranteed entry into your network. Desktops and laptops are no longer your main concern. Based on research, lost and stolen devices increased the cost of a breach by $10.50 per record. Use of mobile platforms increased the cost by $6.50 per record.
A business cannot do without IoT, and not securing IoT is costly.
#8 Mistake: Bypassing training
More endpoints mean more employees with access. Ponemon Institutes Research Report found employee training decreased the cost per compromised record by $16.80.
Employees are the best and first line of defense against a costly breach.
#7 Mistake: Missing the basics
It’s the simple things that can bring down the biggest companies. Ensuring accurate passwords (ideally passphrases), segmented network systems, and configured to prevent changes all play into security of a system.
Most importantly, stay up to date on all patches available. Some of the costliest, and easiest breaches to avoid, are due to systems that have not been updated appropriately.
#6 Mistake: Focusing on the perimeter
Border defenses are important. However, given the number of daily attacks, someone will get through. On average, the Mean Time to Identify (MTTI) is 206 days, with another 55 days to contain.
Getting MTTI to under 100 days decreases the cost to identify to $5.99 million versus $8.7 million for over 100 days. Quick response and repair relies on security protocol in the system, not just along the perimeter.
#5 Mistake: Failing to map data
Data is everything for a business. Particularly in cases of recovery. Charting where the data flows, where it’s held, and how it’s shared and accessed is key to protecting the organization.
A business must have security accuracy always. A breach need only occur once. While hacking gets a majority of the attention, human error accounts for 24% of data loss and system glitches account for another 24%. Storage of data is key to minimizing this impact.
#4 Mistake: Neglecting security testing
Unfortunately, vulnerabilities and access points exist across databases, networks, applications and IoT devices. Rather than guessing where the organization’s weaknesses reside, test. Automated vulnerability scanning and deep-dive penetration testing should be regularly scheduled to ensure you know where weaknesses occur.
#3 Mistake: Ignoring security monitoring
Most businesses do not have the resources to set up security operations within. However, not having resources does not alleviate the need for around the clock monitoring with automated alerts. Ultimately, finding a breach early can be the difference of $2.71 million dollar to the bottom line.
#2 Mistake: Avoiding vendor risk assessments
We are in a world of outsourcing and vendor reliance. And that can be a great thing for a business. However, attacks can come via vendor access points rather than directly on a business. When looking at factors that can increase or decrease cost per compromised record, third party involvement increases the cost by $23.70 per record.
Out of 20 risk factors, vendor risk is the costliest factor per capita.
#1 Mistake: Doing it alone
Unfortunately, there is a shortage in staff with cybersecurity skills. Current estimates put the skill shortage at one million positions, and in a few years cybercriminals will outnumber cybersecurity staff 3 to 1.
Currently, indirect costs make up $146 of the per record cost. Indirect costs include using existing internal resources to deal with the data breach, such as investigations. The single, most effective factor in reducing cost of breach is the incident response team. Having an incident response team available 24/7 can reduce the cost per record by $25.9.
Read here to find out how MobileWare can save you money and reduce risk to your enterprise.