AlgoBuzz Blog

Everything you ever wanted to know about security policy management, and much more.


In the Spotlight: The High Cost of a Data Breach


It’s well known that a data breach can have a huge impact on an organization. From the initial discovery through forensic investigation and remediation, a data breach places immediate and heavy strain on IT resources. Then there are the follow-on costs: loss of business, reputational damage and the likelihood of fines levied by data watchdogs for breach of regulations.

The financial and other impacts of a data breach can be quite severe, as highlighted in Ponemon’s recent Cost of a Data Breach report. Sponsored by IBM Security, Ponemon analyzed hundreds of cost factors relating to breaches, including technical investigations, recovery, notifications, legal and regulatory activities, and the cost of lost business and reputation. It found that the average cost of a breach totaled $3.86m – an increase of 6% compared to 2017.

Containing the cost
One of the key factors behind these punishing costs was the amount of time it took to identify a breach. On average, according to the report, organizations required 197 days to identify a breach and a further 69 days to contain it upon detection. Unsurprisingly, the report found that the longer it took to contain the breach, the greater the cost of the incident. Organizations that contained breaches in fewer than 30 days saved more than $1M overall per breach compared to those that required longer than a month.

The report also found that security automation is another major factor in limiting how much a data breach ultimately costs. Organizations that deployed automated security technologies saved over $1.5m on the total cost of a breach compared with those that had not deployed security automation at all.

The automation advantage
Automating security processes frees up skilled IT and security staff to focus on remediation, enabling them to contain a breach far more efficiently and effectively while ensuring that overall security posture is not reduced. Furthermore, an automation solution, such as security policy management, offers greater visibility across the network by providing a detailed map of applications and connectivity flows. Having full visibility of the network and application connectivity enables security teams to respond to incidents more efficiently and effectively. Blind spots delay investigation of incidents after the initial alert, so improving visibility can significantly improve containment time, reducing the overall cost of any breach, as shown in the Ponemon report.

Mitigating the impact
In addition to achieving the superior visibility that reduces containment times, there are additional steps that organizations can take to help improve detection times and mitigate the potential damage of any data breach. Let’s look at some of the measures all organizations should take:

  • Segmenting the network: Good network segmentation makes it difficult for an attacker to move from the point of compromise, such as a smart thermostat or a point-of-sale terminal, across the network to the data gold mine of passwords and credit card numbers. Network segmentation is a powerful security measure that makes it extremely difficult for an attacker or malware to spread laterally across networks and helps to contain breaches at their point of entry.
  • Tying incidents to business processes: Integrating your SIEM with your security policy management solution enriches the data provided by the SIEM about suspicious incidents. This level of visibility provides information about the business applications impacted by the incident, while mapping the potential lateral movement of the hacker. Once identified, the security management solution can mitigate the risk of a cyber-attack by automatically isolating any affected (or potentially affected) servers or devices from the network.
  • Halting risky outbound traffic: By combining appropriate firewall rules with a series of proxy choke points, organizations can halt risky outbound traffic to provide a bulwark against malicious exfiltration of valuable data. While this measure doesn’t prevent cyber criminals from getting into the network, it does help prevent them from taking data out.
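The second measure above describes a concrete workflow: a bare SIEM alert is enriched with the connectivity map held by the policy management system, so that the impacted business applications and the potential lateral movement become visible and the affected host can be isolated. The following added example (not part of the original post or of any vendor product) sketches that workflow over a constructed set of permitted flows; host names, application names and the alert are all invented for illustration. It also shows the first measure at work, since removing a single cross-segment flow shrinks the reachable set.

```python
from collections import deque

# Constructed sample data (not from the post): flows the current policy permits,
# as (source, destination, business_application), plus one SIEM alert.
FLOWS = [
    ("pos-term-01", "pos-gw", "Retail-POS"),
    ("pos-gw", "payments-db", "Retail-POS"),
    ("hvac-thermostat", "hvac-ctl", "Facilities"),
    ("hvac-ctl", "payments-db", "Facilities"),  # over-permissive cross-segment flow
    ("web-01", "app-01", "Customer-Portal"),
    ("app-01", "crm-db", "Customer-Portal"),
]
ALERT = {"id": "siem-0001", "host": "hvac-thermostat", "signal": "beaconing"}

def build_graph(flows):
    """Adjacency list keyed by source host."""
    graph = {}
    for src, dst, app in flows:
        graph.setdefault(src, []).append((dst, app))
    return graph

def reachable(graph, start):
    """BFS over permitted flows: every host an intruder on `start` could pivot to,
    mapped to the business application whose flow makes it reachable."""
    seen, queue = {}, deque([start])
    while queue:
        for dst, app in graph.get(queue.popleft(), []):
            if dst != start and dst not in seen:
                seen[dst] = app
                queue.append(dst)
    return seen

def enrich_alert(alert, flows):
    """Turn a bare SIEM alert into business context plus containment actions."""
    lateral = reachable(build_graph(flows), alert["host"])
    radius = {alert["host"], *lateral}          # alerting host plus everything it can reach
    impacted = sorted({a for s, d, a in flows if s in radius or d in radius})
    # Containment: deny every permitted flow that touches the alerting host.
    isolate = [f"deny {s} -> {d}" for s, d, _ in flows if alert["host"] in (s, d)]
    return {"alert": alert["id"], "host": alert["host"],
            "potential_lateral_movement": lateral,
            "impacted_applications": impacted,
            "isolation_rules": isolate}

def segmented(flows, blocked):
    """Policy after segmentation: drop the listed cross-segment (src, dst) flows."""
    return [f for f in flows if (f[0], f[1]) not in blocked]

if __name__ == "__main__":
    print("before segmentation:", enrich_alert(ALERT, FLOWS))
    print("after segmentation: ", enrich_alert(ALERT, segmented(FLOWS, {("hvac-ctl", "payments-db")})))
```

Before segmentation the thermostat alert exposes the payments database and therefore the Retail-POS application; once the cross-segment flow is removed, only the Facilities application is in the blast radius.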

The threat of a data breach is never going to disappear, but by taking mitigating measures and capitalizing on the benefits of automation, organizations can ensure that the cost and impact of breaches are minimized.
