Cyber security breaches can result in significant financial losses for organizations. Threat actors may engage in malicious activities such as stealing intellectual property (IP), holding systems hostage through ransomware attacks, or impersonating trusted devices to gain unauthorized access to networks. These breaches can also damage an organization’s reputation, leading to a decrease in competitiveness and a loss of revenue for the business. Even the process of responding to security incidents can incur costs and divert valuable IT support resources away from other important IT functions. To effectively address these threats, organizations should strategically focus their cybersecurity efforts on the types of attacks most likely to affect them and their specific industry.
Senior Managing Director of Verizon Security Consulting Services.
Costly attack patterns
It is not realistic to eliminate all cyber security risks. Instead, organizations would be wise to hone in on the attack patterns that pose the biggest threats, those that are more likely to extract large sums of money for threat actors. Ransomware and pretexting are among such attack patterns. A ransomware attack costs an organization over $45,000 USD on average, according to Verizon’s 2024 Data Breach Investigations Report (DBIR), and can even rise into the millions in some cases. This attack pattern can put enormous pressure on organizations that cannot afford downtime. For these organizations there is no good option. It’s either pay the ransom and lose money, or endure downtime trying to recover systems and lose money.
Pretexting is not only expensive, but also increasingly widespread, accounting for a quarter of financially motivated cyber attacks. It is often used to carry out business email compromise (BEC) attacks, which cost organizations an average of around $50,000 USD. BEC attacks can be particularly dangerous because they often target high-level executives, such as the C-suite, who typically have access to highly sensitive corporate information. You might assume that their accounts are the most secure, but that’s often not the case, as IT is more likely to make security protocol exceptions for them.
High risk industries
Industries with critical infrastructure or sensitive information are often valuable targets for threat actors. As mentioned in the previous section, ransomware can be particularly devastating here.
For example, a manufacturer cannot afford a production line at its factory to be down for a long period of time. The impact can trickle down the supply chain, where costs potentially grow exponentially. It can affect a manufacturer’s relationship with suppliers and dealers, which can erode its standing in the industry. With increasing pressure, a producer is likely to feel increasing pressure to pay the ransom. A new revision of the NIS2 directive to enforce better network and information system security in critical enterprises. The scope of enforcement has now been extended to additional nation-critical (essential and important) entities (>+50 employee organizations).
Hospitals and other healthcare organizations face a dual threat: confidential patient information falling into the wrong hands and critical life-saving medical equipment, such as infusion pumps, being hacked. Leaked patient records can wreak havoc on a healthcare organization’s reputation, while compromised medical equipment can force a hospital to pay a ransom so their patients’ health is not at risk.
The threat of human error
Often, threat actors have unwitting accomplices: a company’s employees. More than two-thirds (68%) of breaches are caused by non-malicious human error (DBIR), such as an employee accidentally clicking on a malicious email or text link, leading to a security breach. Employees can be fooled by pretext tactics, resulting in a BEC attack. Sometimes they don’t even fall victim to a cyber attack. They simply send sensitive information to the wrong email, such as a healthcare worker sending confidential patient information to an unintended recipient.
Reducing the financial risk of breakage
To help mitigate the financial risk of security breaches, an organization should identify the most common threats and the most destructive (especially those with the potential highest financial cost). As a manufacturer, your worst-case scenario could be a production line held hostage by a threat actor. Preparing for this scenario requires a contingency plan that includes disaster recovery, which can also apply to catastrophic events. In a hospital environment, misdelivery is a common culprit where healthcare professionals send an email to the wrong address, as mentioned above. Improved access control can help prevent these and other errors.
Within debates about digital identities, non-human identities (NHIs) are often overlooked and marginalized. NHIs encompass a wide range of digital identities linked to applications, services and machines. These include bots, OAuth tokens, API keys, and service accounts—credentials that allow machines to authenticate, access resources, and communicate with each other in both critical and non-critical environments. Organizations in this area must carefully consider managing the companies that provide comprehensive coverage to enable effective protection that minimizes risk exposure.
Since exploiting human error is so often the way in for threat actors, training one’s workforce in cybersecurity best practices and the attack patterns they are most likely to see can go a long way toward reducing organizational exposure, but employee training alone is not enough. To reduce the financial cost of security breaches, organizations must invest in robust threat detection and perimeter security solutions. They say it takes money to make money. Well, saving money also costs money.
We have presented the best protection against identity theft.
This article was produced as part of TechRadarPro’s Expert Insights channel, where we feature the best and brightest minds in the tech industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing, you can read more here:
