Cybersecurity incidents are expensive. According to IBM Security’s 2021 Cost of a Data Breach Report, the global average cost per incident was $4.24 million, up 10% from the previous year. And that number doesn’t take into account the long-term reputational damage businesses often face as a result of a cybersecurity incident. While not even the most robust cybersecurity program is impenetrable, organizations have many tools at their disposal for preventing, detecting, and mitigating these digital threats. Let’s take a deeper look at why cybersecurity incidents are so damaging, examples of common threats, and how to reduce your organization’s risk.
Why Is a Cybersecurity Incident So Dangerous?
Data security incidents are becoming an increasingly common threat. As businesses collect and store larger quantities of data to meet operational and data analytics needs, their exposure to a breach grows along with it.
Businesses store sensitive customer data including credit card information, financial records, medical records, purchasing histories, and more. Much of this information has significant value to hackers seeking to exploit it themselves or sell it to others. Cybersecurity incidents that involve the unauthorized disclosure of personally identifiable information (PII) can be very costly to resolve.
Medical patients, financial services clients, ecommerce customers, and others entrust their personal information to the organizations or businesses that provide the services they’re seeking. When personal data is compromised, that trust is violated, creating reputational damage that can be difficult to recover from.
Fines and regulatory noncompliance
Data security breaches can trigger fines and regulatory headaches. The EU’s General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA) are just two examples of data privacy regulations that exact monetary penalties for failure to maintain proper data security protocols.
Cybersecurity incidents can trigger a cascade of operational disruptions. Ransomware or other malicious software installed on an organization’s network can block access to data systems needed to operate, shut down assembly lines, or disrupt critical transportation networks. Internet of Things (IoT) devices are another potential vulnerability, providing an easy way into other operational systems.
Cybersecurity Incident Examples
Cybersecurity incidents come in many forms. Here are four examples of data breaches and the effects they had on the companies involved.
Insider data theft
In 2019, an employee of Desjardins Group, a Canadian financial services company and the largest credit union association in North America, sold data that compromised the personal information of over 4 million of its users. The legal settlement of claims from affected users totaled $157.31 million.
Attacks via a connected service provider
In 2019, a former software engineer of Amazon Web Services (AWS) hacked into the Capital One server hosted on AWS and gained access to the personal data of over 100 million people, including 140,000 Social Security numbers and 80,000 bank account numbers. The bank expected that the breach would cost it up to $150 million, including paying for credit monitoring for affected customers.
Compromised IoT devices
IoT devices are now common across a range of industries. Applications include monitoring operations on the factory floor, conducting quality control operations, security surveillance, and more. In early 2021, hackers gained access to thousands of security cameras manufactured and monitored by Verkada, a security-as-a-service firm. Verkada customers include hospitals, schools, jails, banks, and health clinics. Using a publicly displayed Verkada username and password, hackers were able to enter an upper-level admin account that provided them access to live feeds and stored footage from nearly 100 customer accounts.
Consumer data theft
In 2013, and again in 2014, Yahoo experienced the largest known breach of a computer network. Names, birth dates, usernames and passwords, security questions, and backup email addresses were compromised. This massive data security incident affected all 3 billion Yahoo accounts when hackers were able to break past the weak data encryption technologies Yahoo was using to secure its user data.
How to Reduce Cybersecurity Incidents
In today’s world, there’s no such thing as complete immunity from cyber intrusions. But many organizations fail to deploy a security data lake on a cloud data platform to mitigate risk. Here are three frequently missed opportunities for bolstering the cybersecurity stance of any organization.
Unify siloed data from across the organization
Data silos represent a significant cybersecurity risk. When an organization’s operational and security data are housed separately, security professionals lack clear visibility across the entire organization or enterprise, creating dangerous blind spots that hackers can exploit. Legacy security information and event management (SIEM) solutions perpetuate these data silos and limit how much security-relevant data can be stored. In contrast, cloud data warehouses offer near-limitless storage for event logs and enterprise data, allowing analysts access to years’ worth of data for use in security investigations.
Automate manual cybersecurity processes
When security analysts are forced to spend time completing low-level tasks such as manually analyzing data from multiple sources to resolve noisy alerts, they’re unavailable for high-level security tasks such as threat hunting. One example of automation is the use of customized playbooks that use a rules-based system to automate security responses to a wide range of cybersecurity issues.
Accelerate threat detection and response processes
The cybersecurity landscape is constantly evolving. Detecting threats quickly and launching an immediate response can help mitigate the impact of a data security incident. If you’re using a cloud data warehouse or security data lake to power your cybersecurity program, an off-the-shelf integration can provide a continuously updated stream of security content, ensuring your cybersecurity team is current on the latest threats.
Cybersecurity and Snowflake
Snowflake for Cybersecurity protects your entire enterprise with unified data, near-unlimited visibility, and powerful security analytics capabilities. Establish a modern security data lake with Snowflake to enable analytics, accelerated detections, and speedy investigations. With Snowflake, you can quickly investigate the timeline of an incident across the full breadth of your high-volume log sources, including cloud systems, firewalls, servers, network traffic, and SaaS applications.
Snowflake makes it simple to automate manual processes by combining contextual data sets with traditional security logs for higher-fidelity alerts. Accelerate threat detection and response, streamlining your response workflow by easily deploying a connected application to your Data Cloud with off-the-shelf integrations, up-to-date security content, and pre-built interfaces. Bring your security data together in one place, eliminating the data silos perpetuated by legacy SIEM solutions and their limited storage and expensive costs. With Snowflake’s Data Cloud, you can unify your logs and enterprise data in a single place and store virtually unlimited amounts of “hot” data cost-effectively for years.