Innovation Practice Analysis Report Zero Trust

The report shows that a single data leak incident can cost a company up to $4.24 million, the highest figure the report has recorded in 17 years. The cost of data leaks has been high during the COVID-19 pandemic.

On July 28, 2021, IBM Security released its annual global study. The study found that data leak incidents cost the surveyed companies an average of $4.24 million each, the highest figure the report has recorded in 17 years. The report analyzes real data leaks experienced by more than 500 organizations. The study shows that, because of major operational changes during the COVID-19 pandemic, security incidents have caused greater losses to organizations (up to 10% more than last year) and are more difficult to contain.

Last year, in the face of the COVID-19 crisis, all industries were forced to adapt quickly to new technical approaches. Many companies encouraged or required employees to work from home, and 60% of organizations moved further into the cloud to run their businesses. The new findings of this study suggest that organizations' security may not have kept up with these rapid IT changes, weakening their ability to deal with data leaks.

This year's annual report, conducted by the Ponemon Institute and sponsored and analyzed by IBM Security, reveals the following trends among respondents:

The impact of remote work: Organizations moved quickly to remote work during the COVID-19 pandemic, which increased the cost of data leaks. Data leak costs were more than $1 million higher where remote work was involved than where it was not ($4.96 million and $3.89 million, respectively).

The cost of medical data leaks soared: For industries that faced major operational changes during the COVID-19 pandemic (medical, retail, hotel and consumer goods production/distribution), data leaks increased significantly compared with the same period last year. The medical industry has by far the highest data leak cost, at $9.23 million per leak, an increase of $2 million from last year.

Stolen credentials lead to data leaks: The research shows that stolen user credentials are the most common cause of data leaks. At the same time, customer personal data (such as name, email, password) is the type of information most commonly exposed in data leaks: 44% of leak incidents involved such data. Together these factors can create a spiral effect, because leaked usernames and passwords give attackers a means to launch further data theft in the future.

Modern approaches can reduce costs: Artificial intelligence, security analytics and encryption are the three major mitigating factors for reducing data leak costs. Compared with companies that did not make wide use of these tools, companies that used them saved between $1.25 million and $1.49 million. Among the cloud data leaks covered by the study, organizations using a hybrid cloud approach had lower costs ($3.61 million) than organizations mainly using public cloud ($4.8 million) or private cloud ($4.55 million).

Chris McCurdy, vice president and general manager of IBM Security: “During the COVID-19 pandemic, companies have experienced rapid technology shifts, and the increase in data leaks is another additional expense that companies have to bear. Although the cost of data leaks set a historic high last year, this report also shows that the use of modern security strategies (for example, artificial intelligence, automation, and zero trust approaches) will have a positive impact, which is expected to reduce the cost of such data leaks.”

Impact of remote work and cloud on data leaks

As society came to rely on digital interaction during the COVID-19 pandemic, companies gradually embraced remote work and cloud environments while adapting to an increasingly networked world. The report found that these factors had a significant impact on data leaks. Nearly 20% of the organizations surveyed said that remote work was a factor in their data leaks, and such leaks cost companies $4.96 million (nearly 15% higher than the average).

Enterprises that experienced a data leak during a cloud migration project had costs 18.8% higher than the average. However, the study also found that companies further along in their overall cloud modernization strategy (in the “mature” phase) detected and responded to data leaks more effectively, 77 days faster than companies in the “early” phase. In addition, among the cloud data leaks covered by the study, organizations using a hybrid cloud approach had lower leak costs ($3.61 million) than organizations mainly using public cloud ($4.8 million) or private cloud ($4.55 million).

The risk of credential leaks is rising

The report also reveals an increasingly serious problem: consumer data (including credentials) is being stolen in data leaks and can then be used to launch further attacks. 82% of the individuals surveyed acknowledged that they reuse the same password across multiple accounts, so stolen credentials are both a main cause of data leaks and a result of them, which compounds the risk.

Personal data exposure: Nearly half (44%) of the leaks analyzed in the survey exposed personal data such as name, email, password, and even medical data, which together were the most common types of leaked records in the report.

Losses from customer personally identifiable information (PII): Compared with other types of data, the loss of customer PII is the most costly. Each lost record of customer PII cost $180, compared with an average of $161 per record across all information.

The most common attack method: Using leaked user credentials is the attackers' most common entry point. In 20% of all data leaks covered by this study, attackers used this method to launch their attacks.

It takes longer to find and contain data leaks: Data leaks caused by leaked user credentials took the longest to discover, an average of 250 days, while the average discovery time across all data leaks is 212 days.

Modernized enterprises have lower data leak costs

Although the IT transformation of enterprises during the COVID-19 pandemic added considerably to data leak losses, organizations that did not implement any digital transformation projects to modernize fared worse: for those that did not undergo any digital transformation due to COVID-19, each data leak incident cost $750,000 more (16.6% higher than the average).

The study shows that companies with a zero trust security approach are better able to deal with data leaks. The zero trust approach assumes that the user's identity or the network itself may already have been compromised, and continuously validates the connections between users, data and resources using the artificial intelligence and analytics described above. For organizations with a mature zero trust strategy, the average data leak cost is $3.28 million, $1.76 million lower than for organizations that have not deployed one.

The report also shows that more companies are deploying security automation than in the previous year, resulting in significant cost savings. Approximately 65% of respondents said they had partially or fully deployed automation in their corporate security environment, compared with only 52% two years ago. Organizations with a “fully deployed” security automation strategy had an average cost of $29 million per data leak, while the average cost for organizations without automation was more than $6.71 million.

In addition, investment in incident response teams and plans reduced the data leak costs of the surveyed enterprises. Enterprises that had an incident response team and tested their incident response plan had an average cost of $3.25 million, while those that had neither a response team nor a tested plan had an average cost of $5.71 million (54.9%).

Other findings of the 2021 report include:

Response time: The average time required to find and contain a data leak is 287 days (212 days to find it and 75 days to contain it), a week longer than last year.

Ultra-large data leaks: The average cost of leaks involving 50 million to 65 million records is $4001 million. This is nearly 100 times higher than most of the data leaks studied in the report (those involving between 1,000 and 100,000 records).

By industry: Data leaks in the medical industry have the highest cost ($9.23 million), followed by the financial industry ($5.72 million) and the pharmaceutical industry ($504 million). Although overall costs in the retail, media, hotel and public sectors are lower, they have also increased significantly from last year.

By country/region: Data leaks in the US have the highest cost, at as much as $9.05 million per incident, followed by the Middle East ($6.93 million) and Canada ($5.4 million).

Research methods and other data leak statistics

IBM Security and the Ponemon Institute conducted an in-depth analysis of real data leaks at more than 500 organizations from May to March 202, 2021, and released the “2021 Data Leak Cost Report” on this basis. The report considers hundreds of cost factors involved in data leaks, including legal, regulatory and technical activities, as well as the losses in brand equity, customers and employee productivity that data leaks cause.