How more joined-up security thinking could save billions in data breach costs


A new study from the Centre for Economics and Business Research (CEBR) has found that data breaches are costing UK businesses £34 billion a year. The report breaks this down into £18 billion in lost revenue and £16 billion spent on added security measures after breaches have occurred.

It’s the same the world over. According to a 2015 Ponemon Institute study commissioned by IBM, the global average cost of a data breach to an organization has reached $3.8 million, or $154 on average for every compromised record. It is significantly higher in the US and Germany, at $217 and $211 per compromised record, respectively. These are staggering figures.

Now, it’s not uncommon for companies that sell cybersecurity services, IBM and Sophos included, to quote big numbers like these. We do think it’s good to see businesses investing in doing something about the problem. But you have to wonder whether those billions are being spent effectively. As leaders in the security industry, we have a crucial role to play in making sure they are. We need to deal with the growing complexity of threats without introducing more complex solutions, and more cost, along with them.

Although over 95% of organizations fall into the small to medium-size business (SMB) category, almost all security solutions are designed for large enterprises, and they are therefore frequently too complex for the resource-strapped SMB to run well.

All too often we see SMBs using multiple products that each work separately against a separate element of the threat, products they don’t have the time or expertise to manage properly. The result is less effective security, which in turn leads many decision makers to put IT managers and their budgets under tighter scrutiny.

That’s why we advise the businesses we work with to think about security in a more joined-up way, rather than layering on new products each time there’s a new threat.

When I say “joined-up,” what exactly do I mean? Well, to stop complex threats you need security products that can work together as a system – to protect the end user and corporate data, across all points of the network.

SMBs need security solutions that evolve by integrating new protection technologies into their existing agents and consoles and that share intelligence and policies across the different points of protection.

Very often, security breaches are the result of simple oversights that cybercriminals are always quick to exploit. You can reduce these risks with a security framework that is integrated, coordinated, and context-aware. And as we have noted, this is especially critical for SMB organizations, which typically lack dedicated IT security personnel.

Ultimately, such a joined-up approach will reduce costs and improve security at the same time, simply by requiring fewer products to procure, deploy, manage and expensively maintain.

You’ll probably not be surprised to hear that this is the Sophos approach to developing products. Wherever we can, we integrate security functions across all points to improve overall protection. Great examples of how Sophos protection is synchronized and consistent at every point include Web + Endpoint policy and enforcement synchronization; Firewall + Mobile Device Management network access control; Endpoint + Email DLP content control lists and encryption integration; and Next-Gen Enduser technologies like Malicious Traffic Detection.

And we’re continuing to develop new technologies that will soon take this a step further, creating a truly connected endpoint and firewall security system that simplifies prevention, detection and response to advanced malware and targeted attacks. This technology will share contextual information between the endpoint and the firewall using the Network/Endpoint Security Heartbeat. We’re looking forward to sharing more with you soon about this project, which we call “Project Galileo”, and how it works.
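The post does not describe how the Heartbeat works, but the general idea of a firewall that changes its policy based on health reported by the endpoint agent, and that feeds its own network-side detections back to the endpoint, can be sketched. The following Python is an added example written for this page and is not Sophos code or the Security Heartbeat protocol; the message format, the HMAC signing, the health states, the timeouts and the network ranges are all assumptions made for the illustration.

```python
import hmac
import hashlib
import json
from dataclasses import dataclass, field

# Every name, field and threshold here is an assumption for this example.
HEARTBEAT_INTERVAL = 15        # seconds between heartbeats (assumed)
MISSED_LIMIT = 3               # missed heartbeats before a host is treated as unknown
REMEDIATION_NET = "10.0.9."    # prefix of the quarantine/remediation zone (assumed)
SENSITIVE_NET = "10.0.50."     # prefix of the finance/HR zone (assumed)

GREEN, YELLOW, RED, UNKNOWN = "green", "yellow", "red", "unknown"


def make_heartbeat(key: bytes, host: str, ip: str, health: str, ts: int, detections=()):
    """Endpoint side: build a signed heartbeat. The HMAC stops a rogue or compromised
    host from reporting a clean status on behalf of another address."""
    body = {"host": host, "ip": ip, "health": health, "ts": ts,
            "detections": list(detections)}
    payload = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return payload, tag


@dataclass
class HostState:
    health: str
    last_seen: int
    detections: list = field(default_factory=list)


class HeartbeatFirewall:
    """Firewall side: keeps per-host context from heartbeats and uses it in policy."""

    def __init__(self, key: bytes):
        self.key = key
        self.hosts: dict[str, HostState] = {}

    def receive(self, payload: bytes, tag: str, now: int) -> bool:
        expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False                     # forged or corrupted: ignore it
        msg = json.loads(payload)
        if abs(now - msg["ts"]) > HEARTBEAT_INTERVAL:
            return False                     # replayed or badly skewed: ignore it
        self.hosts[msg["ip"]] = HostState(msg["health"], now, msg["detections"])
        return True

    def network_detection(self, ip: str, now: int, reason: str) -> dict:
        """Reverse direction: a firewall-side detection (e.g. traffic to a known C2)
        marks the host red and is returned as context for the endpoint to act on."""
        state = self.hosts.setdefault(ip, HostState(UNKNOWN, now))
        state.health = RED
        state.detections.append(reason)
        return {"ip": ip, "action": "isolate_and_scan", "reason": reason}

    def health_of(self, ip: str, now: int) -> str:
        state = self.hosts.get(ip)
        if state is None or now - state.last_seen > HEARTBEAT_INTERVAL * MISSED_LIMIT:
            return UNKNOWN                   # no recent heartbeat: no trust
        return state.health

    def allow(self, src_ip: str, dst_ip: str, now: int) -> bool:
        health = self.health_of(src_ip, now)
        if health == RED:
            return dst_ip.startswith(REMEDIATION_NET)    # quarantined: remediation only
        if health in (YELLOW, UNKNOWN):
            return not dst_ip.startswith(SENSITIVE_NET)  # degraded: keep off sensitive zone
        return True                                      # green: normal policy


def demo() -> dict:
    """Constructed scenario: three laptops, one forged heartbeat, one network detection."""
    key = b"shared-heartbeat-key"            # assumed pre-shared key
    fw = HeartbeatFirewall(key)
    t = 1000
    fw.receive(*make_heartbeat(key, "laptop-1", "10.0.1.10", GREEN, t), t)
    fw.receive(*make_heartbeat(key, "laptop-2", "10.0.1.11", RED, t, ["Troj/Generic"]), t)
    fw.receive(*make_heartbeat(key, "laptop-3", "10.0.1.12", GREEN, t), t)
    # Malware on laptop-2 tries to claim it is clean without knowing the key.
    forged_payload, forged_tag = make_heartbeat(b"wrong-key", "laptop-2", "10.0.1.11", GREEN, t)
    forged_accepted = fw.receive(forged_payload, forged_tag, t)
    # The firewall itself spots laptop-3 talking to a known C2 address.
    fw.network_detection("10.0.1.12", t, "outbound connection to known C2")
    later = t + HEARTBEAT_INTERVAL * MISSED_LIMIT + 1   # laptop-1 has gone silent
    return {
        "green_to_sensitive": fw.allow("10.0.1.10", "10.0.50.5", t),
        "red_to_sensitive": fw.allow("10.0.1.11", "10.0.50.5", t),
        "red_to_remediation": fw.allow("10.0.1.11", "10.0.9.1", t),
        "forged_accepted": forged_accepted,
        "net_detected_to_sensitive": fw.allow("10.0.1.12", "10.0.50.5", t),
        "silent_to_sensitive": fw.allow("10.0.1.10", "10.0.50.5", later),
        "silent_to_internet": fw.allow("10.0.1.10", "93.184.216.34", later),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two design choices are worth noting. The heartbeat is authenticated, because once the firewall trusts endpoint-reported health, a compromised host has an obvious incentive to report “green”; a shared key is the simplest illustration, and a real deployment would use per-host credentials. And a host that stops sending heartbeats is not trusted as if it were still green, but neither is it cut off entirely: it loses access to the sensitive zone while keeping ordinary connectivity, so a crashed agent degrades security gracefully rather than taking a user offline.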

One final thought: it’s not enough to have the right security products in place. You also need education and training to help employees understand the simple steps they can take to secure themselves and the business where they work.

So maybe we can all think and act in a more joined-up way. With smart investment in the education of staff and products that work better together, we might see more businesses reducing the risk of breaches while avoiding some of the costs.
