Watched the news recently? Then you have probably seen the hundreds of data breaches cropping up around the globe. Whether due to malware, ransomware, malicious insiders, or what have you, cyberattacks are simply rampant in this day and age.
Looking at the Problem by the Numbers
It’s no secret that the number of data breaches is on the rise, but the facts and figures behind them show that the problem might be bigger than we give it credit for. Risk-based Security recently released a report stating that the compound annual growth rate of data breaches over the past several years sits at around 3.6%. It’s an astonishing number when considering that the same report said that there are, on average, 80 newly disclosed breaches documented a day. Such growth shows that attacks are becoming more brazen and widespread, targeting everyone from small businesses to entire nations.
Not only is the number of data breaches growing, but so are their costs. IBM reports that out of the 17 years they’ve been reporting on the cost of data breaches, this year’s amounts topped the charts at $4.24M for the average breach. Digging deeper, that number goes to show that the data being purloined in these attacks carries more value, and often comes in greater amounts, than in breaches past.
To cap it all off, not only are data breaches on the rise and their costs more severe, but some attackers are now turning the act of the data breach into their own business. Positive Technologies analyzed this trend in their Criminal Market for Initial Access paper, which detailed a stark rise in web-based advertisements for “access for sale”: essentially, cyber attackers broadcasting that they have the ability to breach organizations and selling that ability to the highest bidder. Without getting too far into the weeds here, these figures show that data breaches have become a business in and of themselves, and one that’s just getting started.
Monetizing Stolen Data Has Never Been Easier, Fueling More Expensive Breaches
Over at Diginomica, a friend of Gestalt IT, Kurt Marko, presented an argument based on these numbers that the way we do security simply isn’t enough to compete with the burgeoning business of breaches. He comments:
We are overdue for an updated security model. The sustained level of cyberattacks and their increasing sophistication and boldness come against the backdrop of more than a decade of continually increasing enterprise security budgets. Adding layer upon layer of security technology and scores of specialists and consultants have done little to protect the typical organization. The disconnect between security spending and data protection shows that the efforts are misplaced and amount to doubling down on a losing hand.
Read all of Monetizing Stolen Data Has Never Been Easier, Fueling More Expensive Breaches by Kurt Marko to learn what he takes away from this information, as well as more of the ‘why’ behind his statement.