Cybersecurity breaches can cause significant financial losses for organizations. Threat actors may steal intellectual property (IP), hold systems hostage through ransomware, or impersonate trusted entities to gain unauthorized access to networks. These violations can also damage an organization’s reputation, leading to reduced competitiveness and lost revenue. Even the process of responding to security incidents carries a cost, diverting valuable IT support resources from other critical IT functions. To respond effectively to these threats, organizations must focus their cybersecurity efforts on the types of attacks most likely to affect them and their specific industry.
Senior Managing Director of Verizon Security Consulting Services.
Expensive attack patterns
It is not realistic to eliminate all cybersecurity risk. Instead, organizations would do well to focus on the attack patterns that pose the greatest threat: those most likely to net large amounts of money for threat actors. Ransomware and pretexting are among these attack patterns. According to Verizon’s 2024 Data Breach Investigations Report (DBIR), a ransomware attack costs an organization more than US$45,000 on average, and the cost can reach into the millions in some cases. This attack pattern puts enormous pressure on organizations that cannot afford downtime. For these organizations there is no good option: either they pay the ransom and lose money, or they suffer downtime while trying to restore systems and lose money that way.
Pretexting is not only costly but also increasingly prevalent, accounting for a quarter of financially motivated cyberattacks. It is often used to carry out Business Email Compromise (BEC) attacks, which cost organizations around $50,000 on average. BEC attacks can be particularly dangerous because they often target senior executives, who typically have access to highly sensitive company information. One would assume that their accounts are the most secure, but this is often not the case, because IT is more likely to make exceptions to security protocols for them.
High-risk industries
Industries that run critical infrastructure or hold sensitive information are often high-value targets for bad actors. As discussed in the previous section, ransomware can be particularly devastating in these cases.
For example, a manufacturer cannot afford for a production line in its factory to be unavailable for an extended period of time. The impact can ripple throughout the supply chain, with costs potentially increasing exponentially. This can affect the manufacturer’s relationships with suppliers and retailers, which can erode its position in the industry. As the pressure mounts, the manufacturer will likely feel a growing temptation to pay the ransom. The revised NIS2 directive strengthens the security of network and information systems within critical companies; its scope is now extended to other nationally critical (essential and important) entities, namely organizations with more than 50 employees.
Hospitals and other healthcare organizations face a dual threat: confidential patient information falling into the wrong hands, and vital medical equipment, such as infusion pumps, being hacked. Leaked patient records can damage a healthcare organization’s reputation, while compromised medical equipment can force a hospital to pay a ransom for fear that its patients’ health is at risk.
The threat of human error
Often, threat actors have unwitting accomplices: a company’s employees. More than two-thirds (68%) of breaches involve a non-malicious human error (DBIR), such as an employee accidentally clicking a malicious link in an email or text message, leading to a security breach. Employees can also be deceived by pretexting, resulting in a BEC attack. Sometimes no attack is even needed: employees simply send sensitive information to the wrong email address, as when a healthcare professional sends confidential patient information to an unintended recipient.
Mitigating the financial risk of breaches
To help mitigate the financial risk of security breaches, an organization must identify the most common and destructive threats, especially those with the highest potential financial cost. For a manufacturer, the worst-case scenario could be a production line held hostage by a threat actor. Preparing for this scenario requires a contingency plan that includes disaster recovery, which can also be applied to catastrophic events of other kinds. In hospital settings, misdelivery is a common culprit, with healthcare workers sending an email to the wrong address, as mentioned above. Improved access controls can help prevent these and other errors.
In discussions about digital identities, non-human identities (NHIs) are often overlooked and marginalized. NHIs encompass a wide range of digital identities tied to applications, services and machines. They include bots, OAuth tokens, API keys and service accounts: credentials that allow machines to authenticate, access resources and communicate with each other in both mission-critical and non-critical environments. Organizations should carefully evaluate identity management providers that offer comprehensive coverage of NHIs, so that effective protections can be put in place to minimize risk exposure.
Since capitalizing on human error is so often the way in for threat actors, training staff on cybersecurity best practices and on the attack patterns they are most likely to encounter can go a long way toward reducing the organization’s exposure. Employee training alone is not enough, however. To reduce the financial cost of security breaches, organizations must also invest in robust threat detection and perimeter security solutions. They say it takes money to make money. Well, it also takes money to save money.
This article was produced as part of TechRadarPro’s Expert Insights channel, where we feature the best and brightest minds in today’s technology industry. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc.