With growing inflation and unstable supply chains, it is time for organizations in the ME to invest in detection and response instead of being defensive
Naren Vijay, Executive VP – Growth, Lumenore
Cyber breaches present a clear threat to the viability and profitability of businesses and other organizations. Although organizations in the Middle East have improved their response to data breaches, allowing them to contain them faster and more effectively than before, dangerous cyber breaches can be extremely costly. Studies have shown that the average cost of data breaches for organizations has increased significantly from the previous two years.
As cyber breaches become more dangerous and expensive, the higher their costs these breaches pass onto product and service tariffs. There are countless examples of organizations from all over the world being forced to raise the prices of their products and services due to such breaches. This is especially problematic during a global supply chain crisis and inflation steadily rising worldwide. Furthermore, ransomware and destructive attacks made up a considerable portion of breaches within systematically vital global organizations. Such frequent and flagrant attacks on these systems demonstrate that attackers are even willing to fracture global supply chains that rely on these organizations.
This rise in the cost of data breaches may be partly attributed to hackers becoming more sophisticated in their practices and more innovative in their methods. It is also concerning that most cyber breaches are aided and abetted by malicious insiders from within the organization.
One of the most effective security strategies that organizations can adopt to protect their assets is the ‘zero-trust’ security model. ‘Zero-trust’ is a security framework that requires all users to be authenticated, authorized, constantly monitored, and continuously validated for clearance at every step. Only when personnel have passed all checks can they be granted access to any applications or data, regardless of whether the user is from within the organization or outside.
It is rather troubling that, despite such findings about the increased threat and cost of cyber breaches, very few critical infrastructure organizations have a ‘zero-trust’ security model in place. Further, a not insignificant number of global breaches originate due to a business partner’s systems being compromised, which highlights the large security risk present in an over-trusting environment. It was found that organizations that don’t implement ‘zero-trust’ policies incur a considerably higher cost from security breaches than those that do.
Another process that should be implemented to ensure that data is consistent and trustworthy, as well as to prevent its misuse, is data governance. It refers to setting internal data standards and policies that control the usage of data to manage the data in the enterprise systems. For example, it is unnecessary and unsafe for the creative team to have access to data they do not need from the sales team. Setting and following stringent data governance standards ensures effective management of the availability, usability integrity and security of internal data.
Additionally, a considerable percentage of breaches among such organizations were from ransomware and destructive attacks. Such attacks can be extremely damaging and there are no guarantees with paying off ransomware threats. It is known that ransomware victims who paid the ransom demand experienced no substantial decrease in average breach costs, but rather, they demonstrated that they could be intimidated in future attacks.
Interestingly, organizations with solid hybrid cloud-based models suffer lower breach-related costs compared to those organizations that rely solely on public or private cloud models. It is worrying, however, that a large number of organizations in the Middle East have either not applied security practices across their cloud environments or are in the early stages of applying security measures across their cloud environments. This translates into higher breach costs than companies with mature security infrastructure across their cloud environments. Businesses that have not begun the process of applying security measures to their cloud services suffer from an exorbitant average total cost of a data breach when compared to those that do.
On an optimistic note, the biggest cost-saving measure observed is the deployment of security AI and automation. Implementing AI to monitor cyberattacks allows organizations to isolate, repair, and combat any issues immediately. It can also predict malfunctions and future points of failure based on existing data and automates notification of security teams to deal with any breaches. With AI and deep learning, issues can be fixed in a matter of seconds without requiring any human intervention. Not only does this increase safety, but it also increases efficiency, saving the security team valuable time that can be allocated elsewhere.
With the observed trends of hackers getting more adventurous and audacious with cyber breaches around the world, it is imperative for businesses to invest more in detection and response, rather than squarely focusing on perfecting their perimeter. Now that we are experiencing global economic uncertainty, such measures are even more critical. Therefore, the focus should be placed on factors that are under our control. Instead of being on the defensive, organizations should take advantage of all the tools at their disposal and stop attackers from achieving their objectives before they ever get a chance to make a move.