
5/24/2018
04:50 PM

Most Expensive Data Breaches Start with Third Parties: Report

Data breach costs increased 24% for enterprise victims and 36% for SMBs from 2017 to 2018, researchers found.

Data breaches are expensive, and their growing cost is driving business leaders to allocate more of their IT budgets to cybersecurity. It's not just fear of incidents driving the investment, either: complex infrastructure and lack of knowledge are also causing companies to spend more.

As part of its Corporate IT Security Risks Survey, Kaspersky Lab polled 6,614 business decision makers on their IT security spending, the types of threats they have faced, and the cost of recovering from cyberattacks. They found the cost of breaches has grown by more than one-fifth for both enterprises and SMBs, and the price tag is only expected to get larger.

The cost is growing faster for smaller victims. The average enterprise pays $1.23 million per incident, up 24% from $992,000 in 2017. SMBs spend $120,000, an increase of 36% from last year.

At $193,000, improving software and infrastructure is the most expensive part of a breach for enterprises, followed by repairing damage to credit rating and insurance premiums ($180,000) and training ($137,000). Software improvement is the joint-highest expense for SMBs, which spend $15,000 on both software improvement and employing external professionals in the aftermath of a breach.

"Typically, they are replacing their software with new solutions or enhanced tools or offerings from their current provider," says Andrey Pozhogin, security expert at Kaspersky Lab North America. Other major costs include lost business and additional wages for internal staff.

Individual costs related to breach remediation were higher overall, Pozhogin continues. Interestingly, researchers found expenses were higher overall among companies located in North America, Asia-Pacific, and Japan depending on their corporate strategies and values.

"The financial impact and motives behind the spend differ worldwide, and it's hard to pinpoint the exact spend after a data breach," he says. "For example, employing external professionals is one of the costliest outcomes of a security breach for SMBs in North America, which suggests that businesses in these regions are more in need of additional expertise."

For companies in Japan, minimizing reputational damage is a priority. Extra PR was the second-highest expense for Japanese SMBs, which spent an average of $13,000 per breach. Loss of business costs Chinese SMBs $17,000, a sign that customers are unforgiving of security incidents.

Most Expensive Incidents Start with Third Parties

The most expensive threats are related to data leaving the organization.

Third-party providers are the source of the costliest incidents, researchers report. The top five affecting enterprises include targeted attacks ($1.11 million), incidents affecting IT infrastructure hosted by a third party ($1.09 million), incidents involving non-computing connected devices ($993,000) and third-party cloud services ($942,000), and data leaks from internal systems ($909,000).

For SMBs, the priciest recoveries come from incidents affecting IT infrastructure hosted by a third party ($118,000), followed by those involving non-computing connected devices ($98k), those affecting third-party cloud services ($89,000), targeted attacks ($87,000), and incidents affecting suppliers sharing data with the victim ($83,000).

For both enterprises and SMBs, incidents affecting third-party infrastructure are the most expensive. Organizations changing their digital strategies often work with third parties to store their data or change access to their infrastructure, and hackers are taking advantage.

"Cybercriminals recognize the paradox of a supplier that has sometimes unlimited access to the enterprise infrastructure while left alone in their struggle to secure their own servers and networks," says Pozhogin. Breaches like the supply-chain attack on Target brought these vulnerabilities to light, and they were abused in incidents like NotPetya and Bad Rabbit.

"The poorly protected networks of SMBs granting access to their enterprise partners are the low hanging fruit for the attackers," he adds.

Breaches are Costly in the Cloud

Nearly half (45%) of enterprises have increased, or are planning to increase, their hybrid cloud usage over the next year, Pozhogin says. The growth has sparked new security issues and now, as a result, more companies are shifting their security spend over to the cloud.

"The cloud poses unique challenges, as traditional security procedures may not work in the cloud, lack of visibility and unified security tools create blind spots, and utilization of numerous solutions and platforms creates barriers for security administrators and environments where cybercriminals can thrive," he explains.

People often play a big role in poor cloud security. Employees fail to properly configure cloud services, a mistake that commonly leads to accidental data exposure. They use the same password across all portals, including those for cloud-based systems, essentially leaving a "master key" for cybercriminals who seek access into corporate networks.

"It's often simple human-based actions like this that can lead to costly data breaches," he adds.

Should You Be Spending Differently?

Security budgets have grown overall: enterprises spend an average of $8.9 million on security while SMB spending has grown from $201,000 to $246,000 year over year. The greatest increase is among companies with fewer than 50 workers, which spend $3,900 compared with $2,900 in 2017.

Pozhogin says companies are spending the money on infrastructure security, internal expertise, and security operations. However, he says they could benefit from more spending on visibility and unification as they deploy more tools across their datacenters and the public cloud, which leads to poor visibility and noise, and detracts from their ability to control security.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...
