Blog

From the Front Lines, the True Cost of a Data Breach

Written by Matt Baron, Client Director, Praesidium-Cyber | December 23 2022

Chances are you’re familiar with popular annual industry reports on the rise of ransomware and other threats and on the costs of data breaches. However, for many organizations the full impact of a breach doesn’t truly hit home until they live through a major incident.

As a cybersecurity consultant, I’ve been involved in recovery efforts for two major breaches, and they have both been dramatic: One organization was a week away from going under, and the other mere hours. Why? Because of the cost of the breach and what happened to their data. Both organizations also lost valuable data when they recovered.

Although organizations know that threat actors are using ransomware, spear phishing, and other attacks, it’s often difficult to protect data. Companies spend the bulk of their resources securing the perimeter, but threat actors still get in. This is disturbing because, apart from their people, data is an organization’s most valuable asset. When data is encrypted, stolen, compromised, or otherwise made inaccessible, organizations can’t do their work.

My background is in ethical hacking and security testing, and I can assure you that cybercriminals are targeting your data — be it your day-to-day data needed to run the business or the cold storage data you have to keep due to contractual requirements or regulations. Depending on the severity of a breach and how destructive threat actors are in their methods, I’ve seen the costs of a data breach rise 10x from initial incident to recovery.

Breaking Down Data Breach Costs

Let’s say you experience a ransomware attack. Immediately, you have productivity costs. Every day that your business is down because a threat actor has encrypted your data is another day you can’t work. If you decide to pay the ransom, you have these costs, too. Add that to the new regulations and fines incurred if data is “exfiltrated” outside of the organization, and some organizations may be forced to close.

But these initial costs pale in comparison to the costs of rebuilding infrastructure to avoid future incidents — and these are costs that aren’t budgeted. Rebuilding can include new hardware, software, communications systems, and training both for technical staff and regular staff, as well as moving data centers and creating redundant data centers. Not to mention the hidden costs of redesigning these systems and the burnout of your teams working long hours to remediate the problem under extremely stressful conditions. Depending on the skillsets you have in-house, you may also have to supplement with outsourced services at higher rates.

There’s also the matter of timing, which is a real wild card. The CISO of one company that experienced a breach told me that, had the attack happened during their busiest season, the business would not have survived. Reputational damage, lawsuits, and loss of revenue can be devastating.

And yet we still haven’t talked about dealing with the loss of your most valuable asset: your data. Where is it? Who has it? What if you can’t recoup it all? What if you haven’t backed it up recently, or what if your backup was also encrypted in the attack? What if your data has been leaked? You can buy new servers, PCs, laptops, and communications systems, but if your data is gone or encrypted, the impact to the business is disastrous.

Data Security and Availability: Where To Start

Some organizations are beginning to recognize the true value of their data; they’re listing their data as an asset on their balance sheets and taking steps to protect it. The challenge, as with any new initiative, is where to start.

The first issue is that many organizations don’t really know how much data they have and where to put it all — on-prem, in the cloud, or a combination of both. Moving data to the cloud can be a good strategy because it saves internal hardware and management costs. But it’s important to understand that cloud providers operate under a shared responsibility model, meaning they are responsible for security of the cloud. As the customer, you are responsible for security in the cloud, which includes your data. 

The cloud is as secure as it can be, but if a well-funded threat actor wants to get in, they will. It’s up to you to figure out how to reduce or neutralize the effect of a cyberattack that stops you from being able to access your data. For companies looking to secure their data in the cloud, traditional methods like encryption and data loss prevention (DLP) are costly and time-consuming, and they have big overheads. What’s more, they’re only effective if you know where your data is. 

Of course, the best way to save money on recovery is not to have to recover from an attack in the first place.

This is where ShardSecure comes in. It uses a technique called microsharding that shreds and stores data across a variety of cloud locations, with a focus on protecting your data and making it more resistant to damage from cyberattacks. It’s like RAID-5 or RAID-50 for the cloud, depending on the configuration: When data in one bucket is damaged, it can be rebuilt using the data in the other buckets. You maintain control and sovereignty of your data no matter where in the world it is, which eases your compliance burden.

Microsharding also offers strong data confidentiality, since anyone looking at a storage location will see only obfuscated data that cannot be readily understood. ShardSecure also offers high availability at multiple levels, which reduces disaster recovery costs — all you have to worry about in the wake of a breach or outage is hardware and connectivity, so your people can continue to work. 

Had the two organizations I mentioned earlier had ShardSecure, they could have regained access to their data immediately (subject to the underlying infrastructure being available) and been up and running much sooner — and, more importantly, without the loss of any data. They would have avoided the need for and cost of most of the recovery process.

ShardSecure is completely changing the game with their self-healing data that enforces data integrity and neutralizes ransomware. They’re bringing peace of mind to organizations that their data is always secure and readily available, come what may. That’s why we’re excited to introduce this innovative solution to Praesidium-Cyber clients.

To learn more about Praesidium-Cyber, click here. To learn more about ShardSecure, check out their resources here.

 

Matt Baron is the Client Director at Praesidium-Cyber, a UK-based SOC-as-a-service company that helps organizations mitigate data privacy and data sovereignty risks in the UK, Europe, and Middle East. Matt has a decade of experience as a cybersecurity, IT security, and risk consultant. His focus is on current and emerging data protection technologies.