Data breaches can be a nightmare for businesses of all sizes. Not only do they result in immediate costs to correct, but they also lead to lost productivity, lost business, and lost customer trust.
Every day there seems to be a new data breach…well, because every day there is a new data breach. They are happening all the time and are simply just a reality of this world. According to IBM’s recent study, 83% of businesses have been breached more than once. That’s not surprising, since studies have found that cybercriminals can breach 93% of companies, and can do so in an average of 2 days.
That’s a sobering thought. It’s also an honest statement on our part. We provide multiple layers of cybersecurity, and it is baked into every service we offer. We offer solid protection for our clients, but we’d be lying if we said it was foolproof. Nothing is.
Like your home. You probably have a couple of locks on the door, maybe an alarm, and perhaps even a dog in the yard. Those are good deterrents, but they hardly stop burglars. If somebody wants to break in, they are going to find a way.
That is exactly the same scenario with cybersecurity and “locking down” your business. If somebody wants in bad enough, nothing will stop them from breaking in. It isn’t a matter of IF you will have a data breach, but rather WHEN you’ll have a data breach.
The proper preparation is to have securities set and a disaster plan in place. Regardless, it will be costly in the end. The IBM report states the cost of a data breach has risen again in 2022, with the global cost of one breach now reaching an average of $4.35 million. In the US, the cost is even higher, at an average of $9.44 million.
Of course, small and mid-sized companies have a smaller input into that average. Their averages are in tune with $150 thousand per breach. It’s still a big hit, plus other stats point to the fact that 60% of small companies close within 6 months of a data breach. Those that survive have lingering costs that extend long after the breach itself, be it in infrastructure, activities to maximize customer retention, recouping lost sales at a higher cost, or just general public relations.
This is the reality of modern-day business. I don’t mean to be a downer here. It doesn’t mean that all is lost. You do have a good amount of control and can take action to protect yourself. On top of that, you can take measures to minimize the impact (and costs) of a breach on your business.
Here are the top cybersecurity tactics to reduce the impact of a data breach.
- Use a Hybrid Cloud Approach
- Create an Incident Response Plan
- Implement Zero Trust Security
- Use AI Security Tools
Use a Hybrid Cloud Approach
It’s no secret that more and more businesses are turning to the cloud for data storage and business applications. Cloud computing has become more affordable and accessible for even small and mid-sized businesses. There’s a scary statistic though – just under half of all data breaches happen in the cloud. Yikes! That’s up 10% from the previous year.
I feel that is a lopsided number because a good chunk of cloud breaches are due to misconfigurations. That aside though, there are multiple approaches to cloud computing. When most people talk about cloud computing, they’re talking about hosting their data on a public server from one of the big 3 tech companies: Microsoft Azure, Amazon Web Services, and Google Cloud Platform. But there’s another option – a private cloud. This is owned and operated by the organization itself, and while it’s not as cost-effective or scalable as using a public cloud server, it does offer more control over infrastructure and security.
So, what’s a business to do? The answer is simple – go hybrid! A hybrid cloud approach involves using a combination of a public cloud and a private cloud environment. This way, you get the best of both worlds – the cost-effectiveness and scalability of public cloud servers, and the added security of a private cloud. Plus, it can save you a pretty penny – studies have shown that a hybrid approach can reduce the impact (and cost) of a data breach by 27.7% compared to using a public cloud alone.
IBM Figure 47: Breaches in the public cloud were costliest. Breaches in a public cloud cost an average USD 5.02 million, whereas breaches within a private cloud cost an average USD 4.24 million. Within a hybrid cloud model, breaches cost an average USD 3.80 million, about USD 1.2 million less costly than breaches within a public cloud, for a difference of 27.7%
Create an Incident Response Plan
Another important step businesses can take is to put in place an incident response plan. An incident response plan is part of your backup & disaster recovery (BDR) solution, and is simply a set of instructions for employees to follow in the event of a cybersecurity incident. It should outline the roles and responsibilities of different individuals, and provide the process for identifying, containing, and mitigating the incident. The entire purpose is to minimize the impact of a data breach and restore normal operations as quickly as possible.
Think of it like the fire drills at school. They’d walk you out to the yard so you know where to go and meet up with everybody. If you were at school and suddenly the fire alarm goes off, you don’t panic because you know exactly what to do. You’ve practiced the fire drill so many times that you can do it in your sleep. Well, it’s kind of the same thing with incident response plans in the business world!
An incident response plan is like a map for your employees to follow in case of a cyber emergency, like a data breach. It tells everyone what their jobs are, and how to contain and fix the problem as quickly as possible. Just like how practicing a fire drill makes you more prepared for a real fire, practicing an incident response plan can help your business bounce back faster and with less damage from a cyber attack.
And the best part? It can save your company a ton of money. Studies have shown that companies that practice their incident response plan can save an average of $2.66 million in case of a data breach. So don’t wait till the cyber equivalent of a fire breaks out, practice your incident response plan today!
Implement Zero Trust Security
Zero Trust is a security protocol this is exactly what it sounds like. You don’t trust any user, device, or connection until it is verified. This is commonplace for external access to the network, but zero trust brings that security internally as well. Examples of zero trust protocols include multi-factor authentication, application whitelisting, and contextual user authentication. Requiring authentication before granting access to any network resources fortifies the network greatly.
According to the IBM Security report, organizations that deploy zero trust tactics pay an average of $1 million less per data breach, $4.15 million vs $5.10 million. The more zero trust is integrated into the company security, the less cost involved with a data breach, providing an additional $1.5 million in savings.
Use AI Security Tools
Finally, businesses should invest in tools with security AI and automation. AI tools augments or replaces human intervention in the identification and containment of intrusion attempts. Using these types of tools can significantly lower the cost of a data breach.
The report found that the average time to identify and contain a breach was 74 days faster using AI security tools than without them. That breaks down into identifying the threat 54 days faster and containing it 20 days faster than the non AI counterparts.
This massive change has shown to lower breach expenses by 65.2%. This is the largest cost savings in the study.
How to get started improving your cyber resilience
The reduction in impact and costs from a data breach comes down to implementing these top tips. They should be viewed as best practices for your infrastructure.
To get started improving your cyber resilience, it’s important to work with a trusted IT provider to create a cybersecurity roadmap. Start by addressing the “low-hanging fruit” first, such as putting in place multi-factor authentication, and then move on to longer-term projects, such as creating and regularly practicing an incident response plan.
Data breaches are costly and devastating for businesses, but by adopting a hybrid cloud approach, putting in place an incident response plan, adopting a zero trust security approach, and investing in tools with security AI and automation, companies can mitigate the impact of a data breach and reduce their costs.
If you need help formulating your strategy, book a free evaluation on our live calendar and we’d be happy to consult.