Cyber Monitoring: Data Breaches and the High Cost of Inaction

Posted on Jun 26, 2018

Media attention to high-profile breaches has left consumers questioning whom they can trust. According to Privacy Rights Clearinghouse's Chronology of Data Breaches, the total number of records breached containing personal and other sensitive data was 1,946,181,599 between Jan. 1, 2017, and March 20, 2018. As consumers become more aware of threats to their information, they need reassurance from you. Without proper cyber monitoring to mitigate information security risk, you risk your organization’s reputation and profitability.

The Rise of Data Breaches

Data breaches are increasing in both number and severity. According to the 2018 Global Threat Report, data breaches continue to pose a serious threat:

  • 71% of United States enterprises report suffering at least one data breach.
  • 7 in 10 organizations in the U.S. were affected by a data breach over the past few years.
  • 67% of global enterprises have now been breached (73% in the U.S.).
  • 42% of enterprises breached had been breached in the past.
  • 79% increased IT security spending, which didn’t even slow breaches down.
  • 86% of U.S. organizations plan to increase cybersecurity spending.

Even with current and anticipated increases in IT security spending, the statistics clearly show data breaches remain a significant problem. That said, not all approaches to cyber monitoring are created equal. Previously, periodic internal and external audits provided the most cost-effective cyber monitoring of the information security landscape. However, these methods are limited to a single point or period in time.

Machine learning now provides companies with continuous cyber monitoring tools that give visibility into your organization’s overall security health. Using these tools, you stand a much better chance of mitigating the high cost of data breaches and phishing scams.

SecurityScorecard’s proprietary ThreatMarket tool allows you to see your environment the way a hacker does. This insight allows you to mitigate risks before they become breaches. For example, companies with poor overall SecurityScorecard ratings are 5.4x more likely to experience a breach than companies with high ratings. When companies only look at their security posture a few times a year, they may not realize that they are slow to patch vulnerabilities or that their employees use corporate emails on social networks. Both of these practices can increase the risk of a company being breached.

The Lack of Insight Across Cybersecurity Ecosystems

While you can monitor your own environment, your vendors’ landscapes are more difficult to monitor. To protect your customer data, you need to ensure that your third-party service providers meet your standards. To protect yourself against the risks your vendors pose, you need insight into their cybersecurity posture. Only by knowing the risks can you prepare to react.

One way to do this is to incorporate continuous monitoring using artificial intelligence. However, according to the Third Annual Study on the Cyber Resilient Organization, many organizations lack this insight. In fact, the key findings in the study note that 60% of respondents said one of the biggest barriers to cybersecurity was their organization’s lack of investment in new cybersecurity technologies, including artificial intelligence and machine learning.

Resiliency requires preparation as well as response. Organizations without the right tools to mitigate risks cannot effectively respond to events. The numbers show a blind spot toward actively preparing for cybersecurity incidents. Investing in predictive technologies, such as automation and machine learning artificial intelligence, can aid organizations hoping to stem the severity of data breaches and cyber attacks.

Without formal and expert cyber monitoring, your organization remains in the dark about its overall cybersecurity health and the health of its third-party vendors across the entire cybersecurity ecosystem. Despite the high cost of data breaches and lost consumer confidence, few organizations take a role in actively setting security policies and budgets.

The Cost of Inactivity & Security Threats

CISOs bear the responsibility for informing and educating the rest of the enterprise. However, the technical language of security often makes it difficult to communicate the risks effectively. Thus, CISOs find themselves struggling to obtain the needed Board oversight to ensure a proactive security posture. According to the Global State of Information Security Survey 2018 (PwC), organizations continue to struggle with communicating cybersecurity risks and active cyber monitoring:

  • 45% of respondents in a survey of 9,500 executives say their corporate board actively participates in setting security budgets.
  • 39% of organizations actively participate in setting security policies.
  • 36% say they are involved in the technology selection process.
  • 31% actively review current security and privacy risks.
  • 44% of respondents say their corporate boards actively engage in their overall security strategy.
  • 29% of the respondents from the survey of 9,500 executives say their CISOs bear responsibility for IoT security.
  • 34% of respondents plan to assess the potential risk of increased internet connectivity (such as IoT security).

While massive cybersecurity breaches grab headlines, many organizations still struggle to understand and plan for the growing cyber risks in our complex digital society.

The Highly Effective Phishing Attack

This communication issue extends throughout the enterprise. Phishing attacks against employees and malicious attachments sent in emails remain the main cause of data breaches. The Global Advanced Threat Landscape Report 2018, which surveyed 1,300 IT decision makers, noted that:

  • 56% identified targeted phishing attacks as their biggest cybersecurity threat.
  • 51% of IT decision makers say insider threats are a major concern.
  • 48% say ransomware and malware remain a significant threat.
  • 42% point to unsecured privileged accounts as a serious problem.

Obviously, phishing attacks are a major concern because they are incredibly common and effective, especially as cyber attackers get smarter. While proper cybersecurity training may help, employees can make mistakes. Organizations need insight into the potential risks posed by their employee cyber behaviors.

Despite the staggering statistics, cybersecurity risks can be effectively addressed and mitigated even in our complex digital society. With SecurityScorecard’s predictive research, we empower security professionals with the knowledge and technology they need to maintain their organization’s security in the always-evolving threat landscape.

Cybersecurity threats are very real, and they thrive in an atmosphere of inaction arising out of information deficit. The attackers are working tirelessly to steal sensitive data. Are you deploying the right tools and strategy to fight back?
