Cloud

5/24/2018
04:50 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Most Expensive Data Breaches Start with Third Parties: Report

Data breach costs increased 24% for enterprise victims and 36% for SMBs from 2017 to 2018, researchers found.

Data breaches are expensive, and their growing cost is driving business leaders to allocate more of their IT budgets to cybersecurity. It's not just fear of incidents driving the investment, either: complex infrastructure and lack of knowledge are also causing companies to spend more.

As part of its Corporate IT Security Risks Survey, Kaspersky Lab polled 6,614 business decision makers on their IT security spending, the types of threats they have faced, and the cost of recovering from cyberattacks. They found the cost of breaches has grown by more than one-fifth for both enterprises and SMBs, and the price tag is only expected to get larger.

The cost is growing faster for smaller victims. The average enterprise pays $1.23 million per incident, up 24% from $992,000 in 2017. SMBs spend $120,000 an increase of 36% from last year.

At $193,000 improving software and infrastructure is the most expensive part of a breach for enterprises, followed by repairing damage to credit rating and insurance premiums ($180,000) and training ($137,000). Software improvement is the joint-highest for SMBs, which spend $15,000 on both software improvement and employing external professionals in the aftermath of a breach.

"Typically, they are replacing their software with new solutions or enhanced tools or offerings from their current provider," says Andrey Pozhogin, security expert at Kaspersky Lab North America. Other major costs include lost business and additional wages for internal staff.

Individual costs related to breach remediation were higher overall, Pozhogin continues. Interestingly, researchers found expenses were higher overall among companies located in North America, Asia-Pacific, and Japan depending on their corporate strategies and values.

"The financial impact and motives behind the spend differ worldwide, and it's hard to pinpoint the exact spend after a data breach," he says. "For example, employing external professionals is one of the costliest outcomes of a security breach for SMBs in North America, which suggests that businesses in these regions are more in need of additional expertise."

For companies in Japan, minimizing reputational damage is a priority. Extra PR was the second-highest expense for Japanese SMBs, which spent an average of $13,000 per breach. Loss of business costs Chinese SMBs $17,000, a sign that customers are unforgiving of security incidents.

Most Expensive Incidents Start with Third Parties

The most expensive threats are related to data leaving the organization.

Third-party providers are the source of the costliest incidents, researchers report. The top five affecting enterprises include targeted attacks ($1.11 million), incidents affecting IT infrastructure hosted by a third party ($1.09 millon) incidents involving non-computing connected devices ($993,000) and third-party cloud services ($942,000), and data leaks from internal systems ($909,000).

For SMBs, the priciest recoveries come from incidents affecting IT infrastructure hosted by a third party ($118,000), followed by those involving non-computing connected devices ($98k), those affecting third-party cloud services ($89,000), targeted attacks ($87,000), and incidents affecting suppliers sharing data with the victim ($83,000).

For both enterprises and SMBs, incidents affecting third-party infrastructure are the most expensive. Organizations changing their digital strategies often work with third parties to store their data or change access to their infrastructure, and hackers are taking advantage.

"Cybercriminals recognize the paradox of a supplier that has sometimes unlimited access to the enterprise infrastructure while left alone in their struggle to secure their own servers and networks," says Poghozin. Breaches like the supply-chain attack on Target brought these vulnerabilities to light, and they were abused in incidents like NotPetya and Bad Rabbit.

"The poorly protected networks of SMBs granting access to their enterprise partners are the low hanging fruit for the attackers," he adds.

Breaches are Costly in the Cloud

Nearly half (45%) of enterprises have increased, or are planning to increase, their hybrid cloud usage over the next year, Pozhogin says. The growth has sparked new security issues and now, as a result, more companies are shifting their security spend over to the cloud.

"The cloud poses unique challenges, as traditional security procedures may not work in the cloud, lack of visibility and unified security tools create blind spots, and utilization of numerous solutions and platforms creates barriers for security administrators and environments where cybercriminals can thrive," he explains.

People often play a big role in poor cloud security. Employees fail to properly configure cloud services, a mistake that commonly leads to accidental data exposure. They use the same password across all portals, including those for cloud-based systems, essentially leaving a "master key" for cybercriminals who seek access into corporate networks.

"It's often simple human-based actions like this that can lead to costly data breaches," he adds.

Should You Be Spending Differently?

Security budgets have grown overall: enterprises spend an average of $8.9 million on security while SMB spending has grown from $201,000 to $246,000 year over year. The greatest increase is among companies with fewer than 50 workers, which spend $3,900 compared with $2,900 in 2017.

Poghozin says companies are spending the money on infrastructure security, internal expertise, and security operations. However, he says they could benefit from more spending on visibility and unification as they deploy more tools across their datacenters and the public cloud, which leads to poor visibility and noise, and detracts from their ability to control security.

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Australian Teen Hacked Apple Network
Dark Reading Staff 8/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15504
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
CVE-2018-15505
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 a...
CVE-2018-15492
PUBLISHED: 2018-08-18
A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.
CVE-2018-15494
PUBLISHED: 2018-08-18
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
CVE-2018-15495
PUBLISHED: 2018-08-18
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.