This leads to concerns about the control and security of data in many businesses and leads to a new type of risk. The exact cost of sensitive data theft to the global economy is difficult to quantify, because cybercriminals and nation-state actors live in the shadows.
In terms of the economic impact, the 2018 “Cost of Data Breach” study by Ponemon, however, place the average cost of a data breach at $3.86 million. Building upon this, eSentire’s new Sensitive Data Security report offers insights into the mindset, motivation and tactics of the cybercriminals behind these breaches.
By leveraging eSentire’s “Red Team” (a group of best-in-class ethical hackers who use the most deceptive methods to test client defenses) the report discusses how hackers gain access to sensitive data without using malware, even using sensitive data from other breaches against a targeted organization.
When thinking about data risks the report recommends that businesses consider the following questions:
What is my data worth from a social perspective?
What is my data worth from a financial perspective?
What is my ease of obtaining the data?
How prepared is your organization relative to its peers? What is the probability of your perimeter defenses being bypassed by threat actors?
What percent of businesses in major industries do not have sensitive/crown jewel data clearly defined?
What is my risk of being caught?
What are the consequences of being caught?
For the research, eSentire facilitated an online survey of 300 IT security professionals across the legal, finance, healthcare, insurance and technology sector. Of these, only 36% reported that their organization clearly defined sensitive “crown jewel” data. This data was pulled from organizations.
The survey finds that many IT professionals (around 50 percent) are not fully confident that their organization can cope with a cyber-attack, and has the necessary security measures in place.
A key factor is not simply the strength of different security systems but the organisation culture and the report suggests that business leaders and IT professionals need to consider a wide range of different hacking strategies and to get inside the mind of the hacker, in order to create the organization structure to address cyber-risks.
