The risks and costs of cyber incidents, particularly data breaches and ransomware, are rising rapidly. According to the Verizon 2022 Data Breach Investigations Report (DBIR), ransomware attacks skyrocketed in comparison with prior years. The IBM Cost of a Data Breach Report 2021 found that the average total cost of a data breach was the highest in the past 17 years. Businesses that prepare for cyber incidents can respond more effectively to prevent or reduce data loss and business disruption. To date, organizations have been heavily reliant on cyber insurance to offset the costs of incident response and recovery.
This reliance is cyclical, however: the growing number and cost of cyber incidents drive up cyber insurance claims and, in turn, premiums. (Businesses will often receive a discount on their cyber insurance policy by having a backup and recovery solution like Own, since these solutions can often minimize the risk of an incident.)
The hardening cyber insurance market is increasing the demand for new and innovative risk mitigation solutions. Smart insurers are taking steps to improve risk assessments when setting premiums, which in turn motivates customers to improve cyber security. The increasing costs and shifting market dynamics, especially the push into more comprehensive risk assessments, have caused a shift within organizations to focus on proactive approaches to defend against and recover from incidents more quickly and at lower cost.
However, success depends on the effectiveness of risk assessment, and on the proactive protection and hygiene of the data assets.
Limitations of cyber risk assessments
Traditionally, cyber risk assessment has focused on systems as assets, rather than tracking the locations and flows of information assets in an enterprise. As a result, traditional cyber risk management often overlooks some of the most valuable and sensitive data stored in cloud environments: customer, employee, or service information.
Another problem is that risk assessments are often limited to self-assessments using checklist approaches, with limited verification of veracity. As most anyone in information security has experienced, it is risky to assume that systems are working as planned or documented. An organization might have a policy and process for data hygiene and protection, but its actual systems and data likely deviate from the documented ideal.
The Verizon 2022 DBIR observed a dominant trend in data breaches caused by misconfiguration of cloud environments. Effective data hygiene requires ongoing diligence to check that information is not being mistreated. Curating an inventory of assets involves tracking the location and flow of information, then prioritizing information that is most valuable and highest risk, such as personal data.
Properly managing customer data is critical to data hygiene. While it is advisable to routinely audit all platforms that organizations leverage to collect critical business information, data from customers ought to be considered among the highest priority given its sensitivity and criticality to organizational operations (Forbes Best Practices For Data Hygiene). Another reason that customer information is particularly high risk is that it is valuable to data thieves and competitors.
Leveraging analytics to manage cyber risks
Routine analytics on the treatment of such information is an innovative, proactive approach to improving data hygiene and activity monitoring. Such measures include categorizing data elements based on sensitivity, and applying access controls, permissions, and encryption to strengthen protection of higher risk information. An ongoing challenge is that searching for problems in logs that track usage of sensitive information sometimes feels like looking for a needle in a digital haystack. Applying experience from past cyber incidents to focus on high risk events can help raise an issue of potential concern before it becomes a bigger problem.
These analytical insights can uncover sensitive information that is unencrypted, is not categorized as high risk, or has inadequate access restrictions. In addition, analytics can reveal unexpected alterations and unauthorized uses of sensitive information. Regular review of these analytics helps prevent and detect inadvertent exposure of sensitive information as well as illegal activities. In one incident, an employee stole customer data shortly before he moved to a competing company. Such risks can be mitigated by limiting who can access and export sensitive information. In another incident, an employee changed customer records to redirect funds to herself, stealing significant sums before being caught. Malicious misuse of customer data can be detected, and potentially prevented, using analytics that apply lessons from past experience.
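The two incidents above can be turned into detection rules over an activity log. The following is an added example, not code from the original article or from any product: the event layout, object and field names, and the thresholds are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict

SENSITIVE_OBJECTS = {"Customer"}   # assumed classification of high-risk objects
PAYMENT_FIELDS = {"bank_account"}  # assumed fields that control where funds go
EXPORT_ROW_LIMIT = 1000            # assumed per-user, per-day export threshold

# Constructed sample events: (day, user, action, object, detail)
# detail = row count for exports, (record_id, field, new_value) for updates
EVENTS = [
    ("2024-03-01", "alice", "export", "Customer", 200),
    ("2024-03-04", "bob", "export", "Customer", 600),
    ("2024-03-04", "bob", "export", "Customer", 700),
    ("2024-03-04", "bob", "export", "Product", 5000),
    ("2024-03-05", "carol", "update", "Customer", ("C1", "bank_account", "ACCT-9")),
    ("2024-03-06", "carol", "update", "Customer", ("C2", "bank_account", "ACCT-9")),
    ("2024-03-07", "carol", "update", "Customer", ("C3", "bank_account", "ACCT-9")),
    ("2024-03-07", "dave", "update", "Customer", ("C4", "bank_account", "ACCT-4")),
    ("2024-03-07", "dave", "update", "Customer", ("C5", "phone", "555-0100")),
]

def find_risky_events(events, export_limit=EXPORT_ROW_LIMIT, min_records=2):
    """Return findings for bulk exports and shared payment destinations."""
    exported = defaultdict(int)    # (user, day) -> rows exported
    redirected = defaultdict(set)  # (user, field, new_value) -> record ids
    for day, user, action, obj, detail in events:
        if obj not in SENSITIVE_OBJECTS:
            continue
        if action == "export":
            # Sum per user and day so an export split into chunks is still caught.
            exported[(user, day)] += detail
        elif action == "update":
            record_id, field, new_value = detail
            if field in PAYMENT_FIELDS:
                redirected[(user, field, new_value)].add(record_id)
    findings = []
    for (user, day), rows in sorted(exported.items()):
        if rows > export_limit:
            findings.append(("bulk_export", user, day, rows))
    for (user, field, value), records in sorted(redirected.items()):
        # One user pointing several customers' payments at the same destination.
        if len(records) >= min_records:
            findings.append(("shared_payment_target", user, value, sorted(records)))
    return findings

if __name__ == "__main__":
    for finding in find_risky_events(EVENTS):
        print(finding)
```

Aggregating per user and per destination value, rather than alerting on each event, keeps routine single-record edits and small exports out of the review queue.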
Value of rapid recovery
While diligent data hygiene can help detect and prevent the majority of breaches, it is difficult to prevent all risk of data loss or corruption. The best way to recover quickly from an incident that causes data loss or inaccessibility, such as a ransomware attack, is to maintain routine offline backups, accompanied by a rapid restoration process.
“The difference between quick and local backups and ransomware-resistant backups is that the former may involve weeks of downtime due to failed and insufficient recoverability and six to seven figure business interruption, whereas the latter may involve days of downtime and lower upfront cost.” - (Ransomware: A Darwinian Opportunity for Cyber Insurance)
Organizations that make effective use of cloud services to secure information assets are generally able to recover more quickly (IBM Cost of a Data Breach 2021). Organizations also need to keep in mind that data in the cloud, which is being increasingly targeted by cyber attackers, requires offline backup and rapid recovery mechanisms.
Increasing visibility into cloud environments
It is essential to extend these good practices to mission-critical SaaS data where many organizations currently lack visibility. The shared responsibility model dictates that it is the data owner’s responsibility to protect and secure their data. Customers are responsible for their own backup, recovery, and data security. With tools like Own, organizations can be better positioned to adopt forward-thinking data hygiene and proactive problem detection and recovery solutions.