Source: Security Intelligence: Larry Ponemon & Wendi Whitmore
We’ve all heard that when it comes to experiencing a data breach, the question is not if it will happen, but when. You may be wondering about the actual odds of it happening to your organization.
Think about it this way: The chances of being struck by lightning this year are 1 in 960,000. When it comes to experiencing a data breach, according to the Ponemon Institute’s “2017 Cost of Data Breach Study: Global Overview,” the odds are as high as 1 in 4. Therefore, organizations must understand the probability of being attacked, how it affects them and, even more importantly, which factors can reduce or increase the impact and cost of a data breach.
Rapid Response Drives Down the Cost of a Data Breach
Sponsored by IBM Security and independently conducted by the Ponemon Institute, the 12th annual “Cost of Data Breach Study” is out. The findings revealed that the average total cost of a data breach is $3.62 million in 2017, a decrease of 10 percent over last year. Additionally, the global average cost per record for this year’s report is $141, which represents a decrease of 11.4 percent over last year.
Despite the reduction in cost, the average size of a data breach increased by 1.8 percent to 24,089 records. The influencers that impact the cost of a data breach are driven by the country and the IT initiatives underway.
The good news is that organizations can take measures to minimize cost and impact. The 2017 “Cost of Data Breach Study” found that having access to an internal or outsourced incident response team has been the top cost-reducing factor for three years running. An incident response team typically accelerates the time frame in which security events can be contained, which is a significant factor in reducing the overall cost of a breach.
The IBM X-Force Incident Response and Intelligence Services (IRIS) team specializes in providing incident response planning, program development, remediation and threat intelligence to clients in over 133 countries. The team has experience responding to and helping to contain many of the largest data breaches in the world.
Five Steps to Accelerate Your Incident Response
Listed below are five additional tips to help accelerate your organization’s response to a breach.
- Speed to respond is critical. The more quickly you can identify what’s happened, what the attacker has access to, and how to contain and remove that access, the more successful you will be.
- Set up retainers in advance. In the event of a breach, an experienced team of incident response experts can help you quickly identify and contain the attack, and minimize costly delays.
- Access the data needed to answer investigative questions. Be prepared to provide responders with logs and tools to help them understand what happened. For example, what did the attackers access and what did they copy or remove from your environment?
- Mitigate the attacker’s access quickly. Plan with the IT staff in advance to understand how to be effective and efficient in a crisis. Consider the following:
- How to execute an enterprisewide password reset quickly;
- How to reset your service accounts; and
- How many of your service accounts have domain administrator credentials.
- Establish an internal communications plan. If you have to shut down parts of your environment or reset thousands of users’ passwords, your employees will have a lot of questions. This speculation can have critical ramifications, so it’s important to document a plan to ensure that your employees understand what they can and cannot share publicly.