Cloud

5/24/2018
04:50 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Most Expensive Data Breaches Start with Third Parties: Report

Data breach costs increased 24% for enterprise victims and 36% for SMBs from 2017 to 2018, researchers found.

Data breaches are expensive, and their growing cost is driving business leaders to allocate more of their IT budgets to cybersecurity. It's not just fear of incidents driving the investment, either: complex infrastructure and lack of knowledge are also causing companies to spend more.

As part of its Corporate IT Security Risks Survey, Kaspersky Lab polled 6,614 business decision makers on their IT security spending, the types of threats they have faced, and the cost of recovering from cyberattacks. They found the cost of breaches has grown by more than one-fifth for both enterprises and SMBs, and the price tag is only expected to get larger.

The cost is growing faster for smaller victims. The average enterprise pays $1.23 million per incident, up 24% from $992,000 in 2017. SMBs spend $120,000 an increase of 36% from last year.

At $193,000 improving software and infrastructure is the most expensive part of a breach for enterprises, followed by repairing damage to credit rating and insurance premiums ($180,000) and training ($137,000). Software improvement is the joint-highest for SMBs, which spend $15,000 on both software improvement and employing external professionals in the aftermath of a breach.

"Typically, they are replacing their software with new solutions or enhanced tools or offerings from their current provider," says Andrey Pozhogin, security expert at Kaspersky Lab North America. Other major costs include lost business and additional wages for internal staff.

Individual costs related to breach remediation were higher overall, Pozhogin continues. Interestingly, researchers found expenses were higher overall among companies located in North America, Asia-Pacific, and Japan depending on their corporate strategies and values.

"The financial impact and motives behind the spend differ worldwide, and it's hard to pinpoint the exact spend after a data breach," he says. "For example, employing external professionals is one of the costliest outcomes of a security breach for SMBs in North America, which suggests that businesses in these regions are more in need of additional expertise."

For companies in Japan, minimizing reputational damage is a priority. Extra PR was the second-highest expense for Japanese SMBs, which spent an average of $13,000 per breach. Loss of business costs Chinese SMBs $17,000, a sign that customers are unforgiving of security incidents.

Most Expensive Incidents Start with Third Parties

The most expensive threats are related to data leaving the organization.

Third-party providers are the source of the costliest incidents, researchers report. The top five affecting enterprises include targeted attacks ($1.11 million), incidents affecting IT infrastructure hosted by a third party ($1.09 millon) incidents involving non-computing connected devices ($993,000) and third-party cloud services ($942,000), and data leaks from internal systems ($909,000).

For SMBs, the priciest recoveries come from incidents affecting IT infrastructure hosted by a third party ($118,000), followed by those involving non-computing connected devices ($98k), those affecting third-party cloud services ($89,000), targeted attacks ($87,000), and incidents affecting suppliers sharing data with the victim ($83,000).

For both enterprises and SMBs, incidents affecting third-party infrastructure are the most expensive. Organizations changing their digital strategies often work with third parties to store their data or change access to their infrastructure, and hackers are taking advantage.

"Cybercriminals recognize the paradox of a supplier that has sometimes unlimited access to the enterprise infrastructure while left alone in their struggle to secure their own servers and networks," says Poghozin. Breaches like the supply-chain attack on Target brought these vulnerabilities to light, and they were abused in incidents like NotPetya and Bad Rabbit.

"The poorly protected networks of SMBs granting access to their enterprise partners are the low hanging fruit for the attackers," he adds.

Breaches are Costly in the Cloud

Nearly half (45%) of enterprises have increased, or are planning to increase, their hybrid cloud usage over the next year, Pozhogin says. The growth has sparked new security issues and now, as a result, more companies are shifting their security spend over to the cloud.

"The cloud poses unique challenges, as traditional security procedures may not work in the cloud, lack of visibility and unified security tools create blind spots, and utilization of numerous solutions and platforms creates barriers for security administrators and environments where cybercriminals can thrive," he explains.

People often play a big role in poor cloud security. Employees fail to properly configure cloud services, a mistake that commonly leads to accidental data exposure. They use the same password across all portals, including those for cloud-based systems, essentially leaving a "master key" for cybercriminals who seek access into corporate networks.

"It's often simple human-based actions like this that can lead to costly data breaches," he adds.

Should You Be Spending Differently?

Security budgets have grown overall: enterprises spend an average of $8.9 million on security while SMB spending has grown from $201,000 to $246,000 year over year. The greatest increase is among companies with fewer than 50 workers, which spend $3,900 compared with $2,900 in 2017.

Poghozin says companies are spending the money on infrastructure security, internal expertise, and security operations. However, he says they could benefit from more spending on visibility and unification as they deploy more tools across their datacenters and the public cloud, which leads to poor visibility and noise, and detracts from their ability to control security.

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
6 Ways Greed Has a Negative Effect on Cybersecurity
Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA ,  6/11/2018
Weaponizing IPv6 to Bypass IPv4 Security
John Anderson, Principal Security Consultant, Trustwave Spiderlabs,  6/12/2018
'Shift Left' & the Connected Car
Rohit Sethi, COO of Security Compass,  6/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12026
PUBLISHED: 2018-06-17
During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in tur...
CVE-2018-12027
PUBLISHED: 2018-06-17
An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said ...
CVE-2018-12028
PUBLISHED: 2018-06-17
An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an e...
CVE-2018-12029
PUBLISHED: 2018-06-17
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...
CVE-2018-12071
PUBLISHED: 2018-06-17
A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled.