How to prevent data breaches in 2023
Headlines are filled with stories of businesses and organizations falling victim to data breaches. Data breaches have been on the rise for a number of years, and sadly, 2022 has been littered with thefts of sensitive information affecting companies and organizations of all shapes, sizes, and sectors. These breaches are costing US businesses millions in damages.
As the number of data breaches rises, so does the cost. In their latest annual report, “Cost of a data breach 2022,” IBM and the Ponemon Institute found that the average cost of a data breach in the United States increased to $9.44 million (from $8 million per incident) in 2022, while the global average total cost of a data breach is $4.35 million (up 2.6% from $4.24 million in 2021).
The report further found that, in 2022, it took an average of 277 days—about 9 months—for businesses and organizations to identify and contain a breach. These organizations can save money by shortening the time it takes to identify and contain a data breach to 200 days or less.
“The share of breaches caused by ransomware grew 41% in the last year and took 49 days longer than average to identify and contain. Additionally, destructive attacks increased in cost by over USD 430,000.”
Many of the biggest breaches are the result of a shift in how the increasingly digitized economy operates. As companies have embraced the cloud, data is no longer stored in electronic fortresses. As we reported a year ago, most cloud-related data breaches were caused by cloud misconfigurations, which now cost enterprises nearly $5 trillion.
More than 4,100 publicly disclosed data breaches occurred in 2022, equating to approximately 22 billion records being exposed. Cyber security publication Security Magazine reported that the figures for 2022 are expected to exceed this figure by as much as five percent.
The T-Mobile data breach cost the company $350 million in 2022 – and that’s just in customer payouts. This puts more onus than ever on businesses to secure their networks, ensure staff has strong passwords, and train employees to spot the telltale signs of phishing campaigns.
How to Mitigate Data Breaches in 2023
It’s not all bad news. The IBM report also found that many organizations are ahead of the threat actors. For example, the report found that “organizations that had a fully deployed AI and automation program were able to identify and contain a breach 28 days faster than those that didn’t, saving USD 3.05 million in costs.” However, it’s not all or nothing, the report said. “Organizations with a partially deployed AI and automation program fared significantly better than those without.”
While using automation can help mitigate data breaches, the question is: how do we detect and prevent data breaches before it’s too late? That’s exactly the problem one organization is trying to solve in 2023. CREST OVS is an international organization aiming to set the standard for application security and provide increased levels of assurance for application security assessments.
CREST OVS is a new quality assurance standard for the global application security industry. CREST OVS provides mobile and web app developers with greater security assurance and accredited organizations with enhanced access to the growing app development industry.
In an email to Tech Startups, Tom Brennan (Americas Council Chair, CREST Americas) explains how CREST OVS sets new standards for application security and why it will be a game changer.
In a statement, Brennan said, “Developed by CREST, in consultation with the Open Web Application Security Project (OWASP), the CREST OVS (OWASP Verification Standard) provides a scalable and consistent approach to web and mobile application security standards. CREST OVS brings together some of the brightest minds in AppSec to improve global application security standards. CREST members can engage with the buying community and with governments and regulators around the world that are looking to raise application security standards.”
To apply for the OVS program, companies need to be accredited to the CREST Penetration Testing discipline. For more information on eligibility and how to become CREST OVS accredited, please visit the OVS pages on the CREST website.
CREST has also launched its enhanced ‘Find a Supplier’ platform, to include options for OVS and all other CREST programs and accreditations, as well as regulator-led schemes. It has been designed to make searching for and selecting the right cybersecurity supplier simpler and more intuitive for buyers.