Are you being hacked?
A follow-up to a post last year in which we said the Ponemon data breach report is always a good read, one that avoids the traps of internet clickbait and of publishing the report as a “reaction” style YouTube video, you know, the kind where someone sits with their mouth oddly gaping under aggressive overlaid text. See link to full article at the end.
1. A poor worker blames their tools.
The most alarming figure is that, across the reported breaches, only 1 in 3 were detected by the company being attacked, with the rest coming to light either because the attacker announced themselves or because a non-security vendor noticed. When we take into account that breaches cost less when they are identified by the organisation’s own team and tools, there is a clear need to improve the signals coming from reporting tools. Which is a shame, as this is an incredibly difficult problem to solve.
A lazy recommendation would be to buy more tools; the more sensible one is to run some purple team exercises. Purple teaming is where you test your monitoring and detection tools to see whether known attacker activity triggers the kind of alerts you would want or expect.
2. More complex security… a bigger bill?
So, this is a weird one: companies with “low or no security system complexity” had an average breach cost that was 31.6% lower than those with “high levels of security system complexity”.
If this was a comedy sketch this is where we’d come to the conclusion that if we got rid of all our complex systems and tools, we’d be able to downgrade the impact on a ton of entries on the risk register. I can only hypothesize that this is showing that companies who invest heavily in technology often do so at the expense of the core People/Process controls that make the world (at least the information security one) go round.
3. Phishing continues to be top of the tree.
Being the most common initial attack vector, and the vector with the second highest average cost when it leads to a breach, phishing is the drum that keeps getting beaten. Phishing has evolved into the world of QR codes, with many companies now outright blocking images in emails. Which is great, but it is only a matter of time until some sad person takes the time to make QR codes out of Excel tables or just plain text.
Oh look at that, I just did it. (I’d post them but LinkedIn doesn’t allow even rich text, so email me [email protected] if you are curious.)
The recommendation here is to make sure that as the threat landscape changes, your user awareness training does too.
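As an added example (not part of the original post) of the defensive side of the text-QR point above: a heuristic that flags email bodies containing a QR code rendered as block glyphs or ASCII characters rather than an image, so that blocking images is not the only control. The sample message and the grid inside it are constructed, and the grid is not a decodable QR code.

```python
"""Heuristic detector for QR codes rendered as text (block glyphs or ASCII art)
inside an email body, so image blocking is not the only control. Added example;
the sample message is constructed and its grid is not a decodable QR code."""
import random

BLOCK_CHARS = set("█▀▄▌▐▓▒░")
MIN_ROWS, MIN_WIDTH = 11, 15  # QR version 1 is 21x21 modules; half-block rendering needs 11 rows


def is_grid_line(line: str) -> bool:
    """True if the line looks like one row of a two-tone module grid."""
    line = line.rstrip("\r\n")
    if len(line) < MIN_WIDTH:
        return False
    alphabet = set(line)
    if any(c.isalnum() for c in alphabet):  # prose never counts as a grid row
        return False
    dark = alphabet - {" "}
    # Accept block-drawing glyphs in any mix, or one repeated symbol (e.g. '#') plus spaces
    if not dark or not (dark <= BLOCK_CHARS or len(dark) == 1):
        return False
    return " " in alphabet or len(dark) > 1  # a row needs both light and dark modules


def find_text_qr_blocks(body: str) -> list[tuple[int, int]]:
    """Return (first_line_index, row_count) for each run of grid rows tall enough to be a QR code.
    Widths are taken without stripping trailing spaces, since those are light modules."""
    lines = body.splitlines()
    hits, start = [], None
    for i, line in enumerate(lines + [""]):  # the sentinel flushes a run ending at EOF
        if is_grid_line(line):
            start = i if start is None else start
            continue
        if start is not None:
            rows = lines[start:i]
            widths = [len(r) for r in rows]
            if len(rows) >= MIN_ROWS and max(widths) - min(widths) <= 2:
                hits.append((start, len(rows)))
            start = None
    return hits


def build_sample_email() -> str:
    """Constructed message: two lines of prose, a blank, a random 21x21 two-tone grid, a sign-off."""
    rng = random.Random(7)
    grid = ["".join(rng.choice("█ ") for _ in range(21)) for _ in range(21)]
    return "\n".join(["Hello,", "Scan the code below to continue:", ""] + grid + ["", "Regards"])


if __name__ == "__main__":
    for first, rows in find_text_qr_blocks(build_sample_email()):
        print(f"text-rendered QR candidate: {rows} rows starting at line {first}")
```

A run of box-drawing table rows can still trip the heuristic, so treat a hit as a reason to quarantine for review rather than as a verdict.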
4. Breaches less costly for most, but still more costly on average.
Of the 16 regions surveyed, 6 showed an increase in the average cost of a data breach and 10 showed a decrease. It’s worth noting that despite this, the overall cost of a data breach worldwide went up, showing that those increases outweighed the reductions. This could boil down to all sorts of things: geopolitics, the ability and willingness of law enforcement or local government to help impacted companies, or even a regional difference in attitudes and technology adoption. A question to throw back to you, the reader: what do you think makes the country you work in unique in regards to information security?
5. Paying up becomes less appealing.
In both 2022 and 2023, on average, ransomware attacks ended up costing the breached company less when they paid the ransom. This is horrific news for law enforcement and government agencies, whose message is firmly centred on not paying. The gap between paying and not paying has closed so drastically in a single year that it wouldn’t be a surprise to see paying the ransom become the more expensive option by the time the 2024 version is released. Which leads to the question of who in your own business currently makes the decisions when it comes to ransoms: are there already decision criteria? Is paying banned by your national government? What does your insurer (if you have one) say?
Self-proclaimed information securitymonger.
1 year: The QR code text email works!