Month: May 2020

The global six-year average cost of a data breach is $3.78 million. To address this liability head-on, organizations must incorporate industry and security best practices into their cybersecurity posture to reduce the cost of what most cybersecurity professionals recognize as an inevitable data breach. 

FortiGuard Labs’ Chief of Security Insights & Global Threat Alliances, Derek Manky, recently teamed up with Dr. Larry Ponemon of the Ponemon Institute for Fortinet’s Executive Cyber Exchange: The Perspective Series. This presentation, titled “The Economics of Data Breaches & Cybersecurity Exploits” centered on the economic impact of data breaches and cyberattacks, while also noting the investments that organizations should make to minimize the financial burden of such an event. 

Below are some of the key takeaways from Ponemon and Manky that explain why organizations should shift from a detection-based focus to one that is centered on breach prevention to save on the resources, costs, damages, time, and loss of reputation that occurs following a successful attack.

What Factors Contribute to the Cost of a Data Breach?

Benchmark research conducted by the Ponemon Institute concluded that, the global six-year average, cost of a data breach amounts to $3.78 million. However, the financial consequences of a data breach can vary based on several factors, including root causes, network size, and the type of data held by an organization. 

Overall, malicious attacks were found to be the leading root cause of data breaches, followed by human error and system glitches. Loss of business was determined to be the most significant cost contributor resulting from business disruption, system downtime, customer turnover, and reputational damage that inevitably result in revenue losses. Additionally, cost amplifiers like cloud migration, IT complexity, and third-party breaches were found to add close to $370,000 to the total cost of a breach. 

So, what can organizations do to address these security challenges? Derek Manky highlighted the importance of incident response and automated threat intelligence, explaining how his team leverages these concepts to lessen the impact of data breaches:

“At FortiGuard Labs, we are essentially an external SOC for customers in the sense that we’re creating definition updates, antivirus updates, and actionable intelligence. We’ve seen considerable cost benefits stemming from machine learning models, particularly with application vulnerabilities with actionable intelligence on malware. We have one system on the backend that analyzes malware and when it can properly identify that something is malicious, it creates actionable updates that are then pushed out to our Security Fabric and our customers. That system is effectively doing the output job of a team of several analysts. Therefore, organizations can realize a considerable cost benefit by implementing machine learning within their incident response plans.” 

On the other hand, cybercriminals are also leveraging automation and machine learning to increase the speed and efficiency of attacks. Manky notes: 

“Cyber adversaries are weaponizing AI and leveraging swarm technology as a catalyst to speed the attack cycle up even further. The use of offensive automation results in decreased latency for attackers, or a reduced time to breach (TTB), thereby increasing their rate of success. Security teams need to account for the fact that attacks are happening at a much quicker pace and adjust their defensive strategies accordingly. This requires advanced automation technology.” 

The Cybersecurity Lifecycle and the Importance of Prevention 

There are five phases of the cybersecurity lifecycle, ranging from prevention to remediation, that should be part of every organization’s security strategy. Each stage is crucial to reducing the impact of a breach through threat identification, incident response, and resolution. 

• Prevention is the effort to stop malicious threats from infiltrating the network and to classify the types of attacks that are targeting the organization in real-time. In this phase of the lifecycle, organizations can stop attacks before any process can run on the network. 
• Detection is the effort to recognize and identify threats within an organization’s IT security infrastructure that have managed to bypass prevention efforts. During this phase, organizations need to be able to identify malicious processes that are running on a device in the network.
• Containment refers to the effort to stop the spread of a cyber threat once it has been detected and identified on the network.  
• Recovery occurs following threat containment. In this phase of the cybersecurity lifecycle, security teams work to restore the IT infrastructure to its previous, stable state.
• Remediation refers to the effort made to ensure that processes and technologies are updated to mitigate future cyber events. This includes updating training and awareness programs when individuals played a role in enabling a breach to occur.

Most organizations tend to focus the majority of their cybersecurity efforts on the detection of cyberattacks because they perceive prevention as too complicated to achieve. In fact, 76% of respondents to a Ponemon survey agree or strongly agree that prevention would be too challenging to accomplish within their cybersecurity program. When asked about their reasoning, respondents noted issues around attack identification, deploying effective technologies, their own in-house cybersecurity experience, and the challenge of false-positive cyber threats. 

Although preventing a cyberattack is challenging, Dr. Larry Ponemon explained that organizations can realize significant cost savings when an attack is thwarted during this phase of the cybersecurity lifecycle. He detailed such cost savings with the following example: 

“Fending off phishing attacks costs an average of $832,500. But 82% of that cost is spent during the detection, containment, recovery, and remediation phases, and only 18% is spent during prevention. So, if an attack is prevented, total cost savings would be $682,650.” 

Security Operations Centers and Cost Efficiency 

According to findings from the Ponemon study, most organizations believe their security operations centers (SOCs) are a crucial element of their security strategies. When asked to rank the importance of SOC activities, respondents reported that most of their SOC value comes from the minimization of false-positive detections, the enhanced reporting of threat intelligence, the monitoring and analysis of alerts, and improved intrusion detection. However, close to half of all respondents also reported dissatisfaction with their SOC’s overall ability to detect attacks. 

Additionally, after investigating the economics of security operations centers, researchers found that outsourcing SOC services does not improve cost efficiency. On average, organizations spend $2.86 million per year on their in-house SOC – but this cost increases to $4.44 million when outsourcing SOC functions to a managed security service provider (MSSP). 

However, those numbers depend on having the right SOC resources in-house. Three-quarters of organizations rated the management of a SOC environment as challenging. At the same time, only half of those organizations found they were able to hire the right talent to manage their SOC. Which may also be why only half of those organizations felt that their SOC environment was effective. The crucial takeaway is that cost is only part of the equation in establishing an effective SOC environment. Organizations need to focus on assembling the best possible SOC team.

AI Improves Incident Response and Lowers Costs 

Considering the high success rate of data breaches, Manky highlighted the critical role of incident response and automation in reducing data breach costs. He emphasized that Artificial intelligence (AI) is an essential tool that can help SOC teams overcome the challenges associated with breach mitigation and incident response. 

Most organizations report success with AI implementation, seeing increases in the speed of threat analysis, acceleration in threat containment through the automatic separation of infected endpoint devices or hosts, and improved identification of security vulnerabilities. By realizing these benefits, organizations can leverage AI to reduce the time and cost of incident response. Dr. Larry Ponemon further explained:  

“When AI is used to contain cyber exploits, the time and cost are significantly reduced. The average cost of not using AI to address cyber exploits is more than $3 million, versus $814,873 if AI is used. Thus, a company can potentially save an average of more than $2.5 million in operating costs.” 

Final Thoughts

Top CISOs and experts in the security field warn that data breaches are inevitable. With breach costs reaching close to $4 million, organizations must be fully prepared to prevent or deal with the fall out associated with a successful attack. For this reason, organizations should focus their efforts on developing a security framework that highlights prevention and incident response while also leveraging AI capabilities to decrease the economic impact of a breach.

Learn how FortiGuard Labs provides unmatched security and intelligence services using integrated AI systems.

Find out about the FortiGuard Security Services portfolio and sign up for our weekly FortiGuard Threat Brief.

Discover how the FortiGuard Security Rating Service provides security audits and best practices to guide customers in designing, implementing, and maintaining the security posture best suited for their organization.

As organizations deploy workloads and critical resources in the cloud, they must ensure they’re also properly securing data, applications, and other digital resources that are getting migrated. With the threat landscape continuing to evolve, organizations need to create a security framework as part of their cloud strategy so that digital innovations don’t result in cyber threats and increased business risks.

Protecting the cloud requires going beyond the traditional security model. With secure access to cloud resources available from anywhere, organizations should now have the confidence to deploy any application on any cloud infrastructure with ease. Fortinet’s Dynamic Cloud Security offerings are helping customers reap the benefits of cloud adoption while providing the necessary visibility and control across cloud environments. In this blog, we look at three customers who have deployed the Fortinet Security Fabric’s cloud offerings to secure their cloud environments and critical business applications. 

Large Retirement Funds Manager 

Since its inception, one of Mexico’s largest retirement funds manager has aimed to provide their customers with a bright and secure future managing individual accounts and helping ensure they can retire at ease. Serving thousands of customers and with years of sensitive customer information, the company needed comprehensive security to protect its web application servers, through which it grosses 90% of the organization’s revenue. 

After a WAF architecture evaluation that included Fortinet alongside several other vendors, the company chose Fortinet’s solution to protect their web applications, including IP reputation, DDoS protection, protocol validation, application attack signatures, bot mitigation, and machine learning capabilities. Having a hybrid environment, consisting of cloud and on-premise workloads, the company took a comprehensive approach to defend its core business applications that power critical information and services and ensure constant communication with customers.

In addition to the comprehensive WAF architecture, Fortinet identified additional pain points for this large retirement funds manager that required key security components that Fortinet was able to uniquely address by providing complete cybersecurity protection, including next-generation firewall protection that also provides internal segmentation and company-wide VPN service. By implementing Fortinet solutions, and specifically leveraging FortiWeb WAF, this customer has been able to decrease its customer attrition rate, increase application performance without compromising security, and reduce complexity and TCO by enabling and implementing diverse network and security options.

Private Pharmaceutical Company

A major Italian pharmaceutical company was looking to better secure its critical business information and sensitive data. They were looking for both security and simplification, enabling a holistic security solution that would allow them to expand into other countries while managing more for less.

Not only were they looking to ensure workflows and applications could securely travel across and between different clouds, data centers, and devices to accomplish their tasks, but they also needed their security to scale. The organization was also looking to secure their entire network in order to move to the Office365 cloud solution. Additionally, they needed to optimize WAN links between HQ and their four main sites. 

With Fortinet’s Security Fabric offerings, this major pharmaceutical company was able to accomplish all this and more. Deploying Fortinet’s cloud solutions, the organization was able to implement advanced security and simplification with a lower TCO compared to other competitors. Using Fortinet’s Secure SD-WAN, this customer has been able to accelerate connectivity to Software-as-a-Service (SaaS) applications as well as applications located in major public cloud providers globally.

A Leader in Real Estate 

As a top leader in its sector, a real estate service provider in France focuses on delivering a high-quality experience across multiple sites to their customers. The organization caters to student housing, retirement facilities, and hotel residences, working with thousands of customers year-round. In order to remain competitive in the industry, they were looking to implement a solution that would modernize and protect them as they migrated workloads to the public cloud. 

By deploying Fortinet’s Security Fabric offerings, they were able to securely migrate several core web applications to Azure Cloud. Additionally, the organization wanted to have full visibility across their network as well as leverage a Secure SD-WAN solution that was scalable and independent from telco operators. Using Fortinet’s FortiWeb WAF and FortiCWP, the organization was able to reuse their data center 1200D as a hub, thereby reducing costs, and were also able to establish extensive visibility across their environments. This leading French real estate service provider also deployed Fortinet’s FortiGate NGFW for its Secure SD-WAN capabilities, which has allowed the organization to digitalize remote locations and securely connect their branches to the cloud. 

Securing Environments with Fortinet’s Dynamic Cloud Security 

It’s necessary to develop a unified technology approach across all computing environments to optimally secure business operations. With the right deployment, organizations can secure their networks, including any application on any cloud infrastructure. Similar to the three customers mentioned above, any organization can take advantage of impressive performance and cost savings, while ensuring their data is protected, through the adoption of Fortinet’s Dynamic Cloud Security offerings.

Learn how Fortinet’s dynamic cloud security solutions provide increased visibility and control across cloud infrastructures, enabling secure applications and connectivity from data center to cloud.

Read these customer case studies to see how Cuebiq and Steelcase implemented Fortinet’s dynamic cloud security solutions for secure connectivity from data center to the cloud.

Engage in our Fortinet user community (Fuse). Share ideas and feedback, learn more about our products and technology, or connect with peers.