Article by Toni El Inati – RVP Sales, META & CEE, Barracuda Networks
As the Middle East makes a concerted effort to grow its knowledge and skills-based economy, the role of data in driving innovation, transformation and success cannot be overstated. From unlocking unparalleled insight into consumer preference and behaviours and uncovering opportunities to optimise processes, to identifying entirely new means of revenue generation, data is key. And just as businesses understand this value, so to do cybercriminals.
The latest wave of digital transformation, accelerated by the pandemic, has redefined – if not entirely eliminated – the traditional enterprise perimeter. The systems and individuals creating and consuming precious data are no longer confined securely within the walls of the organisation. Instead, they operate from anywhere, anytime and via a myriad of devices and networks. For attackers, this means that they no long need to focus only on exploiting robust firewalls and IT policies, but can target a weaker link, which could be an employee accessing sensitive data from their local coffee shop. Attackers’ growing success in doing so is highlighted in IBM’s Cost of a Data Breach Report 2022 in which 83% of surveyed organisations report that they had experienced more than one breach.
Also worrying for businesses is that, according to the same report[1] the average cost of a data breach has increased by 12.7% since 2020. The shift to widespread remote working has also had an impact on the extent of data breaches. IBM’s report reveals that, on average, breaches cost $US1 million more when remote working was being undertaken compared to organisations where this was not the case. While these figures are already intimidating, the reality is even more grim for organisations in the Middle East where the average cost per breach ($US7.46 million) is the second highest in the world.
Reducing the cost of future breaches
We’ve all heard the saying ‘Data is the new oil’, and if Middle East companies hope to extract its full value for business, they need to take a leaf out of the paybook of the region’s Oil & Gas sector and do everything in their power to prevent leaks. Here are some key steps that organisations can take to reduce the likelihood of breaches, and the cost should one occur.
Adopt a Zero Trust strategy: This is an effective way to protect access and data whether it is stored centrally, at a remote location, or on a cloud platform by implementing access control across users and devices.
Protect data with backup and encryption: Should a breach occur, these steps will reduce the likelihood that data can be stolen or misused. Attackers often target your backups to prevent you from being able to recover your data. As part of your backup process, remember your on-premise data as well as data in the cloud/SaaS applications such as Microsoft 365.
Invest in XDR capabilities: IBM’s report found that organisations that have XDR in place shortened breach lifecycles by about a month. Specifically, organisations with XDR took 275 days to identify and contain a breach compared to 304 days for those without. This represents a 10% difference in response times. Being able to spot a breach faster can significantly reduce its impact and the associated costs. XDR platform offers continuous security monitoring with response services for their managed endpoints, networks, and cloud.
Protect your email: Cyberattacks often start with a phishing email to capture admin or user credentials. Choose an email security solution with AI capability that enables proactive threat discovery and automates remediation.
Secure your applications: Applications often have open vulnerabilities that can be exploited to gain access to your data. Use an application security solution that defends against web application vulnerabilities such as OWASP Top 10, zero-day and brute force attacks.
Create and maintain an incident response playbook: Pre-planning is critical to ensure that everyone within an organisation knows the steps that are required should a breach occur. IBM’s report clearly showed the benefits that flow from having detailed plans in place that guide actions if and when a data breach occurs. Organisations that had an incident response plan in place reported an average of $US2.66 million lower breach costs compared with organisations that don’t have IT teams and plans in place. This represents a saving of 58%.
Beating the Breach
As organisations in the Middle East steam ahead with their plans for ambitious digital transformation, cybercriminals will only have greater reason to target their data. Consequently, we can expect the cost of breaches to rise, presenting a formidable risk to both the bottom line, and reputation of organisations that find themselves in attackers’ crosshairs.
As data shows, preventive measures can drastically reduce the overall expense and effort associated with data breaches. Organisations that conduct due diligence and shore up their defences will find themselves able to stem the tide of breaches.
[1] https://www.ibm.com/ae-en/security/data-breach
