IBM and BCX this month co-hosted a virtual cyber security conference on challenges emerging as a result of Covid-19 and the resulting rapid adoption of work from home policies by many organisations. It also revealed how some South African enterprises are improving the odds.
Most businesses are struggling to cope with the security challenges from a growing remote workforce but some are taking the right steps to reduce the risks, reduce the costs, and improve their cyber security resilience.
“Many organisations are rapidly shifting their security and IT operations to protect remote employees, clients, and their own operations,” said Bennie Strydom, Managing Executive: ITSS (Integrated Technology Solutions Sales) at BCX.
But the question asked of many experts and panelists was, are organisations doing what’s necessary to secure their systems and data, and do the necessary governance, or are they incurring unnecessary costs and exposing themselves to risk?
Sheldon Hand, Business Unit Leader for IBM Security in Southern Africa, revealed findings from this year’s Cost of Data Breach study which showed that the average the average total cost of a data breach declined slightly year-over-year, but costs increased for many organisations.
Despite a nominal decline from R43 million in the 2019 study to R40.2 million in the 2020 study, costs were much lower for some of the most mature companies and industries and much higher for organisations that lagged behind in areas such as security automation and incident response processes.
Similarly, deeper analysis of the average cost of a single lost or stolen record (cost per record) showed wide variability, depending on the types of data lost or stolen in a breach.
Chief among the reasons for the decline in the cost of a data breach is that organisations are reducing the number of days it takes to detect attacks as well as the number of days to respond. Yet, the average remains 177 days to detect an attack and 51 days to contain it. That’s about six months, which is too long. Reducing that time significantly reduces the costs associated with breaches.
There are, Hand says, 25 factors that reduce the costs, such as incident response testing, having an internal incident response team in place, developing a business continuity strategy, having the right automation technologies including artificial intelligence, analytics and automated orchestration in place, and more.
“What stands out is that if you conversely have a complex security environment characterised by many disparate security tools and systems, no dashboards, and the inability to hunt threats due to lack of integration, then that significantly ramps up the costs associated with data breaches,” he said.
The solution to modern cyber security challenges, experts revealed, is an overarching policy of zero trust with the intelligent, integrated tools that enable it. These tools provide the advanced analytics and integration to detect threats before they become a major challenge.
They also possess the advanced orchestration and automation capabilities based on AI and machine learning to rapidly prevent and contain attacks. And they support IT resources already strained to meet existing obligations.
The top three ways that organisations are improving their cyber resilience is through the effective use of analytics to detect attacks, implementing automation tools to contain threats, and using machine learning (ML) and AI for integrated intelligence. It gives them visibility into the applications and data, helps them manage their governance practices, and reduces the HR burden.
Organisations face a cyber security landscape of unprecedented complexity, from cloud security to advanced new threats, compliance and privacy concerns, skills shortages, and mobile, endpoint and IoT environments. IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services.
The portfolio, supported by world-renowned IBM X-Force research, enables organisations to effectively manage risk and defend against emerging threats.
IBM operates one of the world’s broadest security research, development and delivery organizations, monitors 70 billion security events per day in more than 130 countries, and has been granted more than 10,000 security patents worldwide.