Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

12/1/2020
10:50 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Kaspersky Finds SMBs That Proactively Disclose Breaches Experience 40% Less Financial Damage

Woburn, MA – November 30, 2020 — According to a Kaspersky report, SMBs that decide to voluntarily inform their stakeholders and the public about a breach, on average, are likely to lose 40% less than their peers that saw the incident leaked to the media. The same tendency has also been found to be the case in enterprises.

Failure to suitably inform the public about a data breach in a timely manner can make the financial and reputational consequences of a data breach more severe. Some high-profile cases include Yahoo!, who was fined and criticized for not notifying their investors about the data breach it experienced, and Uber’s fine for covering up an incident.

Kaspersky’s report, based on a global survey of more than 5,200 IT and cybersecurity practitioners, shows that organizations that take ownership of the situation usually mitigate the damage. Costs for SMBs that disclose a breach are estimated at $93k, while their peers that had an incident leaked to the media suffered $155k in damage. The same is the case for enterprises: those that voluntarily inform their audiences about a breach experienced less financial damage (28%) than those whose incidents were leaked to the press – $1.134 million compared to $1.583 million.

In North America, around half (48%) of businesses revealed a breach proactively. 27% of organizations that had experienced a data breach preferred not to disclose it. A quarter (25%) of companies tried to hide the incident, but saw it leaked to the media.

The survey further proved that risks are especially high for those companies that couldn’t immediately detect an attack. 29% of SMBs that took more than a week to identify that they had been breached found the news in the press, which is double those that detected it almost immediately (15%). For enterprises, these figures are similar at 32% and 19% respectively. In the U.S. and Canada, 39% of those who proactively disclosed a breach said they reported the breach almost immediately, while 48% said it took up to a week, and 50% said it took over a week to disclose.

“Proactive disclosure can help turn things around in a company’s favor, and it goes beyond just the financial impact,” comments Yana Shevchenko, senior product marketing manager at Kaspersky. “If customers know what happened firsthand, they are more likely to maintain their trust in the brand. In addition, the company can give its clients recommendations on what to do next so that they can keep their assets protected. The company can also tell their side of the story by sharing reliable and correct information with the media, instead of publications relying on third-party sources that may depict the situation incorrectly.”

To reduce the chance of suffering damaging consequences from a data breach, Kaspersky recommends that businesses follow these recommended actions in advance:

 

  • For enterprise endpoint level advanced threat detection, investigation, proactive threat hunting and fast response, implement EDR solutions such as Kaspersky Endpoint Detection and Response. Smaller companies with limited expertise in cybersecurity can benefit from Kaspersky EDR Optimum which provides basic EDR capabilities, including better visibility into endpoints, simplified root cause analysis and an automated response option.
  • In addition to endpoint protection, enterprises should implement a corporate-grade security solution that detects advanced threats on the network, enriched with threat intelligence such as Kaspersky Anti Targeted Attack Platform. It helps to protect from professional cybercriminals who favor a multi-vector approach and often combine many different techniques into a single planned attack.
  • To respond in a timely manner to a cyberattack, combine in-house Incident Response team as a first-line of response, and escalate more complex incidents to third-party experts.
  • Introduce awareness training for employees to explain to them how to recognize a cybersecurity incident and what they should do if one occurs, including immediately notifying the company’s IT Security department.
  • Consider conducting special training for all parties involved in dealing with the aftermath of a data breach, including communication specialists and the head of IT security, such as Kaspersky Incident Communications.

To read the full report, please visit the link.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
News
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
News
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: George has not accepted that the technology age has come to an end.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-26814
PUBLISHED: 2021-03-06
Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI. An authenticated user to the service may exploit incomplete input validation on the /manager/files API to inject arbitrary code within the API service sc...
CVE-2021-27581
PUBLISHED: 2021-03-05
The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter.
CVE-2021-28042
PUBLISHED: 2021-03-05
Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Traversal via a crafted ZIP archive to the Upload feature or the MO Connect component. This can lead to remote code execution.
CVE-2021-28041
PUBLISHED: 2021-03-05
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
CVE-2021-3377
PUBLISHED: 2021-03-05
The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0.