Tools Resources Plans

Three Takeaways on Cloud Security from the IBM Data Breach Report 2023

Shweta Khare

Tuesday, Aug 29th, 2023

IBM’s annual Cost of a Data Breach Report offers its usual insights into the scale of cybercrime and the costs of security breaches. It paints a picture of a technological landscape which is becoming more complex, demanding and uncertain. As organizations increasingly migrate to cloud platforms, the need to fortify these digital landscapes against a plethora of threats has never been more crucial. So, what are the biggest takeaways from this year’s report with focus on cloud security?

1. Costs hit new highs

Unsurprisingly perhaps the average cost of a data breach hit a new record of $4.45 million. This was a comparatively modest increase of just 2.3% on the previous year but the 15.3% increase from 2020 affirms just how much costs have accelerated since the pandemic.

Digging down deeper into these figures we see that healthcare organizations find themselves right in the firing line. Since 2020 costs in this sector have shot up a startling 53.3%. For the 13^th year running, healthcare had the most expensive average costs at $10.93 million. Healthcare companies represent a perfect target for cyber criminals. They hold large amounts of sensitive data and the quality of defenses can often be inconsistent.

More than most sectors, the consequences of a data breach can be much more serious. For example, if a hospital sees its computer systems interrupted, as happened in the recent attack against Prospect Holdings, patient services can be at risk. Several emergency rooms across the States had to be closed and ambulances had to be diverted.

Time was important in determining the size of the costs. Companies that failed to identify a breach within 200 days would lose on average $1.02million more than those who spotted the breach more quickly. Companies with more complex security systems lost an additional $1.04 million – an increase of 31.3%.

A data breach is like a fire. The longer it is left unchecked the more damage it will do.

As companies adopt increasingly complex IT systems processing large quantities of data, their exposure to attacks is on the rise. Not only are those companies with large amounts of data more likely to be targeted, but they are also likely to suffer exponentially higher losses.

Those companies with fragmented security systems who fail to detect breaches quickly will also see financial and reputational costs spiral. Vigilance is key – both to prevent attacks and make sure a company can detect and respond to a breach as soon as possible.

2. Cloud assets are prime targets

83% of breaches involved data stored in the cloud, public, private and multiple environments. 39% of attacks gained access to multiple environments and the costs were also above average at $4.75 million. As organizations migrated into the cloud, attackers came after them. The range of attack paths multiplied.

Take for example the attack which capitalized on lax permissions in a company’s AWS infrastructure. The attack, which has been dubbed Scarlet Eel began when an attacker exploited a Kubernetes cluster to gain temporary credentials and spread laterally through the system. They were only stopped because the company involved limited the scope of the permissions.

The cloud offers enormous value for companies, but the risks cannot be ignored. It multiplies the attack paths and can make it much more difficult to identify attacks when they occur. Multiple cloud environments can also increase the complexity of security systems which, as mentioned earlier, can increase the costs of an attack if it happens.

To stay safe in the cloud, companies need to adopt a cloud native security strategy to cope with the new challenges of the cloud environment. It can reduce the complexity and sprawl of tools, assess and prioritize possible security vulnerabilities and provide greater visibility across the cloud landscape.

3. Adopting a proactive approach to security is vital

Cloud technologies have changed the game for companies and completely altered the security landscape. However, many companies still approach security in the traditional manner. This leaves them hopelessly ill equipped to identify and repel an attack.

The report showed that just one in three threats were identified by the companies themselves. The rest came either from benign third parties or the attackers themselves, such as in a ransomware attack. That companies are ill prepared should not be entirely surprising. The move to the cloud happened at a furious pace. Companies only have limited access to expertise and are ill prepared for what follows.

As a result, when a breach does occur, many panic and do whatever they can to mitigate threats as quickly as possible. With ransomware attacks, that often translates to paying the attackers to unlock services.

For victims, this seems like the quickest way to get things back on track and minimize the damage. Some even appear to see it as an inevitable cost of doing business, but the IBM report paints a very different picture. It found that those companies which did not involve law enforcement suffered an additional $470,000 in costs from attacks. Those that didn’t also experienced a 33-day-longer delay.

Attacks, therefore, need a rigorous defense – both to prevent an attack and mitigate its effects when it occurs.

IBM’s report found that new strategies and technologies can be extremely effective. Firms which adopted high levels of DevSecOps save $1.68 million compared to those with little or no adoption. DevSecOps involves the integration of security processes at every stage of development and offers the largest savings. It infuses security into the fabric of the development pipeline and enables teams to prevent and respond to attacks.

Companies with high level Incident Response planning and testing also saw cost savings of $1.49 million. Having clear mechanisms in place to respond and mitigate attacks enables teams to mitigate the effects of the breach.

Artificial intelligence is also proving its worth. Automation and AI enable firms to identify and contain breaches on average 108 days more quickly than average. Firms with extensive AI capabilities also reported $1.76 million lower data breach costs compared to those that did not use security AI and automation.

How Panoptica cloud application security solution can help

IBM’s report highlights the evolving challenges facing firms working in cloud native environments. The nature of security challenges is changing. Costs are rising and attackers are adapting their attacks. However, a comprehensive approach to DevSecOps coupled with the right expertise and technology can provide cutting edge and robust protection against the most sophisticated of attacks.

Doing this requires support. Panoptica supports DevSecOps and compliance teams in protecting cloud native application. It provides comprehensive set of CSPM and CWPP capabilities that identifies attack pathways and enables teams to secure containers, Kubernetes security and strengthen supply chain security among others.

Panoptica provides fast and effective incidence response and automates the monitoring of security threats. Furthermore, its platform continues to evolve to adapt to the changing security landscape to offer complete security from build to runtime.

Get Started

Solutions

Tools

Resources

Plans