Effective employee training is one of the top three ways of reducing the cost of a data breach to your business, according to new research.
The IBM-sponsored study ‘2017 Cost of a Data Breach Study’ was conducted independently by the highly regarded Ponemon Institute and the findings certainly make interesting reading.
For instance, did you know that the chances of being struck by lightning this year are 1 in 960,000, but when it comes to being the victim of a data breach the odds tumble to just 1 in 4?
The findings also reveal that the average total cost of a data breach is now an eye-watering £2.76 million, whilst the global average cost per record resulting from a breach is £107.
With figures like that it’s clear that responding to the breach as quickly as possible is key in reducing the potential losses to your business. And effective employee training is one of the top three ways of doing so. The emphasis here is on ensuring that members of staff are aware of the procedures and their associated responsibilities in the event of a breach so that both financial and reputational damage can be limited.
Having an incident response team in place is another significant requirement – it’s vital to have access to the necessary skills and knowledge in order to identify what has happened, establish how the attacker has gained access to your data and resolve the problem as speedily as possible.
The third approach to reducing the cost of a breach is to make extensive use of encryption, so that even if the attacker is able to get hold of your data and records, they’ll be unable to actually read them.
The report also usefully includes a series of steps that you should take to accelerate your response to a security incident in order to minimise the cost and impact. These include:
• Identify what has happened as quickly as possible – what the attacker has access to and how to contain and remove that access
• Access the data needed to answer investigative questions – these may be in the form of logs and tools that will help to understand what has happened
• Mitigate the attacker’s access quickly – for example by executing an enterprise-wide password reset, resetting your service accounts and establishing how many of your service accounts have domain administrator credentials
• Establish and document an internal communications plan – this will help to reduce confusion if you have, for instance, to reset all user passwords and will also help to ensure that employees understand what they can and cannot share publicly about the breach
Hopefully you won’t fall victim to a breach and need to action the above points, but remember that the chances are now just 1 in 4…!