The 2020 Cost of Data Breach report from IBM and the Ponemon Institute is out. It provides a detailed analysis of causes, costs and controls that appeared in their sampling of data breaches. The report is full of data, and the website allows you to interact with its information so that you can do your own analysis and/or dig into aspects relevant to you and your industry.

The obvious finding is that data breaches are expensive. The average cost of a data breach is between $3 million and $4 million. That million-dollar difference is based on how long the data breach lifecycle lasts. The breakpoint is the 200-day mark. Shortening the lifecycle reduces the cost, so anything you can do to reduce the time it takes to identify a breach, contain it and take the appropriate corrective actions will save you money.

Fortunately, the report points to some ways to blunt the impact of a breach or, better yet, prevent one from occurring in the first place. Here is where I see the biggest returns on investment based on the report’s findings.

Number One Exposure: Cloud Configuration

The leading cause of breaches in 2020 was misconfigured cloud deployments. This isn’t surprising given how many companies are moving their infrastructure to public cloud platforms. With this move, unfamiliar technologies and new ways of managing infrastructure are introduced; the cloud offers quick and easy deployments without the well-known guardrails of a traditional data center. It’s like moving into a new house, only it’s a huge mansion with doors everywhere, and some of them are hidden in surprising places. This complexity makes room for human error and for misconfiguration of cloud-based data.

Luckily, you can hire someone to go through the house, find all the entrances, show you where they are and secure them for you. This