If the 19th century poet Elizabeth Barrett Browning had been asked about cybersecurity, she might have written, “How does a data breach rack up costs? Let me count the ways.”
Data breaches are costly. That’s not big news. Just how costly they are, and in how many different ways, can be a real eye-opener.
The Real Cost of a Data Breach
Recent publications by Forrester Research and Kaspersky Labs illuminate the many and varied expenses associated with data breaches. According to Kaspersky, which surveyed 5,500 companies worldwide, the average cost of a breach for an enterprise is $551,000. Small-to-midsize businesses (SMBs) spend $38,000 to recover from a breach. These kind of outlays are very common. The report reveals that 90% of businesses admitted to having a security incident and 46% said they lost sensitive data due to an internal or external security threat.
46% of businesses have lost sensitive data during a security incident.
The Forrester paper takes a more variable approach to estimating the cost of recovering from a breach. This may be more realistic, given that each organization will have its own unique impacts and responses to a breach. If you go by Forrester, however, you’ll be in for sticker shock. They accurately predict how you will have to account for the following financial effects of a breach:
- Professional services to repair the damage
- Attorneys’ fees to handle legal liabilities
- Legal settlements
- Public relations fees to manage brand impact
- Costs of notifying customers of breach
- Costs of remediating damage done to customers (e.g. identity protection insurance)
- Regulatory penalties and fines
- Loss of productivity during breach remediation
- Loss of morale and staff turnover
- Effect of breach on stock price
Take a deep breath. If you are in charge of risk and security at a large business, the list above could easily run into tens of millions of dollars.
PAM and Breach Prevention
The best way to save money on responding to a data breach is to avoid having the breach in the first place. Easier said than done, of course, but even reducing the likelihood of an incident is of financial benefit. Consider how most cybersecurity managers assess risk. They usually multiply the probability of an incident with its likely financial impact. If an incident has a 1% chance of occurring, and an impact of $1,000,000, the risk should be valued at $10,000. If you can cut the risk in half, to 0.5%, you have cut the cost of the risk to $5,000.
Many countermeasures help prevent breaches. Of these, however, access controls are among the most effective. After all, to steal data, a malicious actor must first gain access to it. The better the protection against unauthorized access, the lower the chance of a breach. In particular, privileged access management (PAM) cuts off the most serious access threat, that of “root” access.
Defending against unauthorized access is the best way to prevent data breaches.
PAM consists of technologies and processes that govern and monitor users with root privileges. Such a user (often called a privileged user or administrative user) can operate the back ends of critical systems. He or she could configure a firewall or delete a database user account. Privileged users are capable of deleting or modifying data. They can install or uninstall software. A privileged user might be an employee, a contractor or even an automated application.
A PAM solution offers security managers a robust defense against misuse of privileged access. The WALLIX PAM solution, for example, enables:
- Granting and revoking privileges to users only for systems on which they are authorized.
- Avoiding the need for privileged users to have or need local/direct passwords.
- Centrally and quickly managing access over a disparate set of heterogeneous systems.
With such controls and capabilities in place, the risk of a data breach decreases. Nothing is perfect, of course, but PAM makes it a lot harder to attack. For instance, with PAM in effect, it’s less likely that a former employee will retain privileged access rights. An attacker will not be able to override the password on a physical device. PAM also makes it more difficult for malicious actors to pose as third parties, such as IT consultants – a common threat vector in sophisticated data breaches.
Using a PAM solution makes it significantly harder for both internal and external hackers to attack your business.
PAM and Breach Cost Reduction
Breaches occur. That’s life in the world of cybersecurity. How you handle a breach, however, will have an impact on the cost of recovery. PAM solutions can be powerful tools for reducing the cost of a data breach. This happens in several ways:
- Catching breaches early – A PAM solution can be configured to send alerts when there is a suspicious privileged account session. For example, if a privileged account is always accessed from inside the firewall, a remote access attempt might signal an attempted breach. If the security team can be made aware of the problem quickly, it can avert the kind of disaster that occurs when hackers are inside a system for months before anyone notices.
- Integrating with Security Automation and Orchestration (SAO) tools – SAO enables a security team to speed up security incident response by automating routine response tasks and orchestrating multiple systems involved in managing security, e.g. SIEM, ticketing, email, and so forth.
- Creating an unalterable audit trail for any privileged operation – Looking at severe and extremely costly data breaches, a common theme that emerges is the compounding of initial problems by uncertainty about what has transpired. Not knowing how the attack was pursued, who did what, when, to what system, and on and on, adds to professional services recovery costs while denigrating the brand through the appearance of ineptitude. PAM can prevent these negative outcomes or at least reduce their levels of severity.
The WALLIX PAM Solution
WALLIX offers a PAM solution that can mitigate the cost of a data breach through better prevention of attacks and more cost-effective management of attacks once they occur. Each of its three components contributes to this potential:
- WALLIX Access Manager – Governs access to privileged accounts and centralizes access control by creating a single-entry point. Privileged users request access to a system through the Access Manager. Access Manager is aware of systems a user has permission to access. Super admins can use it to add, modify or delete privileged user accounts.
- WALLIX Password Vault – Prevents privileged users from knowing the actual passwords or credentials to critical systems. This precludes manual overrides on physical devices.
- WALLIX Session Manager – Tracks privileged user connections and activities, providing real-time monitoring and recording of all user activities. Session Manager enables detailed audit and accurate incident response.
Prevent Data Breaches with WALLIX PAM
Data breaches can be horrendously expensive. Even a minor breach can be costly. At the very least, they are major distractions from real, profitable business. Preventing breaches and reducing their impact should be a high priority for security and risk professionals. Access controls, and PAM in particular, contribute significantly to breach prevention and cost reduction. PAM solutions should be a key element of a breach defense strategy.