Keeping a business secure is a never-ending race, with cyber attackers and bad actors seemingly always one step ahead. While business organizations are investing in security technologies at unprecedented rates, attack methods are evolving similarly. That calls for additional cybersecurity investments and technologies. According to Gartner, over $188 billion will be spent on information security products and services in 2023, and global spending will exceed $262 billion over the next three years at an 11 percent annual growth rate.
Cybersecurity spending trends reflect the impact of a cybersecurity incident on a company’s value. A data breach incident can affect a company's stock price by 7.27 percent on average. Furthermore, this decline in stock value is separate from the direct damages of data breach incidents, which average $9.44 million for U.S.-based companies.
All of these numbers point to a simple fact: business organizations must operate in a secure environment and prevent data breach incidents to protect their market value.
An organization's market value is inherently tied to two key factors: the potential to generate revenue, and resilience to prevalent risk factors. A security breach of sensitive information assets is one of the primary risks that can affect an organization’s growth and revenue potential and, thus, its market value over the long term.
A Case for Security
Since the pandemic, many business organizations have adopted the work-from-home model that hinges on ubiquitous access to sensitive business information and IT services. Most organizations rely on cloud-based data platforms – some managed by internal IT – to meet these evolving demands on data access controls. However, this approach leaves organizations vulnerable to cyberattacks.
With the increasing engagement of end-users – for both internal business operations and external customer engagements – through online channels, organizations are aggregating information assets and integrating IT services in cloud-based data platforms. The technology centralizes the storage of data assets and streamlines real-time information access.
But what happens when a vulnerable external IT service is integrated into your platform? Consider the case of the massive data breach that hit 500 e-commerce vendors in a single day. The targeted vendors all used the Magento 1 e-commerce platform, which was compromised when malware was injected into the site. The attackers then accessed a hoard of sensitive financial information across vendor sites, including credit card data and passwords.
Similar cyberattacks have hit U.S. healthcare organizations to steal sensitive electronic health record (EHR) data assets, which are then held hostage for ransom. According to recent research by the U.S. Department of Health and Human Services, the healthcare industry's cost of a data breach is $9.23 million on average.
In addition to the ransomware, government regulations such as HIPAA and the EU’s GDPR impose large fines and penalties on companies that fail to secure sensitive Protected Health Information (PHI): up to $1.5 million per incident.
The costs incurred from direct revenue losses, exposure of intellectual property and trade secrets, and legal repercussions and fines, not to mention crisis PR management, all add up to a huge financial burden that can inflict severe damage on a company.
Containing Financial Damages
According to the IBM Data Breach Report, organizations that invested in automated threat detection technologies were able to identify and contain damages faster than other victims. These technologies saved companies over $3 million in damages on average and contained the damages 28 days earlier on average.
But how do you protect your company’s value against cyberattacks in the first place?
Access control, or how access permissions are allocated to employees, underpins an organization’s vulnerability to attack. Generally, businesses need to evolve their Identity and Access Management (IAM) strategies to gain better control over sensitive data assets. The basic idea is to limit the number of users with access permissions: if an individual user account is compromised, the attackers hopefully won’t have access to the whole system or network.
Using access control models such as Attribute-Based Access Control (ABAC) helps organizations fulfil data access requests based on attributes such as entities, operations, actions, context, and environmental parameters. This is different from the traditional Role-Based Access Control (RBAC) model, which relies on fixed user profiles to limit access and eventually leads to permission leakage as the number of roles explodes. In other words, determining access permissions by job title alone is an impractical approach.
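The difference between the two models shows up when a valid account is used in an unusual context. The following is an added example, not code from the original article: the role names, attribute names and policy conditions are hypothetical and the sample requests are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time

# Constructed sample data: roles, attributes and rules are illustrative assumptions.
ROLE_PERMISSIONS = {"nurse": {("ehr_record", "read")}}

def rbac_allows(role, resource_type, action):
    """RBAC: the decision depends only on the role's fixed permission set."""
    return (resource_type, action) in ROLE_PERMISSIONS.get(role, set())

@dataclass(frozen=True)
class Request:
    subject: dict       # who is asking (role, department)
    resource: dict      # what is being accessed (type, department)
    action: str         # operation requested
    environment: dict   # context (device posture, time of day)

# Every named condition must hold for the (resource type, action) target.
ABAC_POLICY = {
    ("ehr_record", "read"): [
        ("clinical_role", lambda r: r.subject.get("role") in {"nurse", "physician"}),
        ("same_department", lambda r: r.subject.get("department") is not None
            and r.subject.get("department") == r.resource.get("department")),
        ("managed_device", lambda r: r.environment.get("device_managed") is True),
        ("within_shift", lambda r: time(7) <= r.environment.get("time", time(0)) <= time(19)),
    ],
}

def abac_decide(req):
    """ABAC: deny by default; return (allowed, names of failed conditions)."""
    conditions = ABAC_POLICY.get((req.resource.get("type"), req.action))
    if conditions is None:
        return False, ["no_matching_policy"]
    failed = [name for name, check in conditions if not check(req)]
    return not failed, failed

NURSE = {"role": "nurse", "department": "cardiology"}
on_ward = Request(NURSE, {"type": "ehr_record", "department": "cardiology"}, "read",
                  {"device_managed": True, "time": time(10, 30)})
# Same valid account, used from an unmanaged device at night on another department's record.
hijacked = Request(NURSE, {"type": "ehr_record", "department": "oncology"}, "read",
                   {"device_managed": False, "time": time(2, 15)})

if __name__ == "__main__":
    for label, req in (("on_ward", on_ward), ("hijacked", hijacked)):
        print(label, "RBAC:", rbac_allows(req.subject["role"], req.resource["type"], req.action),
              "ABAC:", abac_decide(req))
```

The list of failed conditions returned with each denial is also useful as an audit record for the automated detection discussed above.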
So, the solution is two-fold: invest in better access control models, and then automate threat detection to enable a faster response to a breach. By reducing both risk and exposure, you can ultimately mitigate the impact of a data breach on your company’s value and protect your assets.