Rising cost of breaches forces organizations to rethink cybersecurity


Cybersecurity breaches can result in significant financial losses for organizations. Threat actors may engage in malicious activities such as stealing intellectual property (IP), holding systems hostage through ransomware attacks or impersonating trusted entities to gain unauthorized access to networks. These breaches can also damage an organization's reputation, leading to a decline in competitiveness and a revenue loss for business. Even the process of responding to security incidents can incur costs, diverting valuable IT support resources away from other essential IT functions. To effectively address these threats, organizations should strategically focus their cybersecurity efforts on the types of attacks that are most likely to impact them and their specific industry.

Ashish Khanna

Senior Managing Director for Verizon Security Consulting Services.

Costly attack patterns

It isn’t realistic to eliminate all cybersecurity risks. Instead, organizations would do well to home in on the attack patterns that pose the biggest threats, those most likely to fetch large sums of money for threat actors. Ransomware and pretexting are among such attack patterns. A ransomware attack costs an organization an average of over $45,000 USD, according to Verizon’s 2024 Data Breach Investigations Report (DBIR), and can soar into the millions in some cases. This attack pattern puts enormous pressure on organizations that can’t afford downtime. For these organizations, there is no good option: either pay the ransom and lose money, or endure downtime while attempting to restore systems and lose money.

Pretexting is not only costly but also increasingly prevalent, accounting for a quarter of financially motivated cyberattacks. It is often used to carry out business email compromise (BEC) attacks, which cost organizations on average around $50,000 USD. BEC attacks can be especially dangerous because they often target high-level executives, like the C-suite, who typically have access to highly sensitive company information. One might assume their accounts are the most secure, but that is often not the case, as IT is more likely to make security protocol exceptions for them.

High-risk industries

Industries with critical infrastructures or sensitive information are often high-value targets for threat actors. As alluded to in the previous section, ransomware can be especially devastating here.

For example, a manufacturer cannot afford a production line in its factory to be down for an extended period of time. The impact can cascade down the supply chain, with the costs potentially growing exponentially. It can affect a manufacturer’s relationships with suppliers and retailers, which may erode its standing in the industry. As the disruption drags on, a manufacturer will feel growing pressure to pay the ransom. In Europe, the revised NIS2 directive enforces stronger Network and Information System security within critical companies, and its enforcement scope now extends to additional nation-critical (Essential and Important) entities, including organizations with more than 50 employees.

Hospitals and other healthcare organizations face a dual threat: confidential patient information falling into the wrong hands, and critical life-saving medical equipment, like infusion pumps, being hacked. Leaked patient records can wreak havoc on a healthcare organization's reputation, while compromised medical equipment can force a hospital to pay a ransom lest the health of their patients is threatened.

The threat of human error

Often, threat actors have unwitting accomplices: a company’s employees. More than two-thirds (68%) of breaches are caused by non-malicious human errors (DBIR), such as an employee clicking on a malicious email or text link by accident, leading to a security breach. Employees may be fooled by pretexting tactics, resulting in a BEC attack. Sometimes, they don’t even fall prey to a cyberattack. They simply send sensitive information to the wrong email, such as a healthcare worker sending confidential patient information to an unintended recipient.

Mitigating the financial risk of breaches

To help mitigate the financial risk of security breaches, an organization should identify the most common threats and the most destructive ones (especially those with the potential highest financial cost). As a manufacturer, your worst-case scenario may be a production line being held hostage by a threat actor. Preparing for this scenario requires a contingency plan that includes disaster recovery, which may also apply to catastrophic events. In a hospital setting, misdelivery is a common culprit, with healthcare workers sending an email to the wrong address, as mentioned above. Enhanced access controls may help prevent these and other mistakes.

Within debates about digital identities, non-human identities (NHIs) are often overlooked and marginalized. NHIs encompass a wide range of digital identities linked to applications, services, and machines. These include bots, OAuth tokens, API keys, and service accounts: credentials that enable machines to authenticate, access resources, and communicate with each other in both critical and non-critical environments. Organizations must give careful thought to how these identities are managed, so that coverage is comprehensive and the protections in place actually minimize risk exposure.

Since capitalizing on human error is so often the way in for threat actors, training one’s workforce on cybersecurity best practices and the attack patterns they’re most likely to see can go a long way toward reducing organizational exposure, but employee training alone is not enough. To reduce the financial cost of security breaches, organizations must invest in robust threat detection and perimeter security solutions. They say it takes money to make money. Well, it also takes money to save money.


This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc.
