As the Middle East makes a concerted effort to grow its knowledge and skills-based economy, the role of data in driving innovation, transformation and success cannot be overstated. Data is key, from unlocking unparalleled insight into consumer preferences and behaviours and uncovering opportunities to optimise processes to identifying entirely new means of revenue generation. And just as businesses understand this value, so do cybercriminals.
The latest wave of digital transformation, accelerated by the pandemic, has redefined – if not entirely eliminated – the traditional enterprise perimeter. The systems and individuals creating and consuming precious data are no longer confined securely within the walls of the organisation. Instead, they operate from anywhere, anytime, via various devices and networks. For attackers, this means they no longer need to focus only on exploiting robust firewalls and IT policies but can target a weaker link, which could be an employee accessing sensitive data from their local coffee shop. Attackers’ growing success in doing so is highlighted in IBM’s Cost of a Data Breach Report 2022, in which 83% of surveyed organisations report that they had experienced more than one breach.
Also worrying for businesses is that according to the same report, the average data breach cost has increased by 12.7% since 2020. The shift to widespread remote working has also had an impact on the extent of data breaches. IBM’s report reveals that, on average, breaches cost one million more when remote working was undertaken compared to organisations where this was not the case. While these figures are already intimidating, the reality is even more grim for organisations in the Middle East, where the average cost per breach (7.46 million) is the second highest in the world.
Reducing the cost of future breaches
We’ve all heard the saying ‘Data is the new oil’, and if Middle Eastern companies hope to extract its full value for the business, they need to take a leaf out of the playbook of the region’s Oil & Gas sector and do everything in their power to prevent leaks. Here are some key steps organisations can take to reduce the likelihood of breaches and the cost should one occur.
Adopt a Zero Trust strategy: This is an effective way to protect access and data, whether it is stored centrally, at a remote location, or on a cloud platform, by implementing access control across users and devices.
Protect data with backup and encryption: Should a breach occur, these steps will reduce the likelihood that data can be stolen or misused. Attackers often target your backups to prevent you from being able to recover your data. As part of your backup process, remember your on-premise data as well as data in the cloud/SaaS applications such as Microsoft 365.
Invest in XDR capabilities: IBM’s report found that organisations with XDR in place shortened breach lifecycles by about a month. Specifically, organisations with XDR took 275 days to identify and contain a breach compared to 304 days for those without. This represents a 10% difference in response times. Being able to spot a breach faster can significantly reduce its impact and the associated costs. XDR platform offers continuous security monitoring with response services for their managed endpoints, networks, and cloud.
Protect your email: Cyberattacks often start with a phishing email to capture admin or user credentials. Choose an email security solution with AI capability that enables proactive threat discovery and automates remediation.
Secure your applications: Applications often have open vulnerabilities that can be exploited to gain access to your data. Use an application security solution that defends against web application vulnerabilities such as OWASP Top 10, zero-day and brute force attacks.
Create and maintain an incident response playbook: Pre-planning is critical to ensure that everyone within an organisation knows the steps that are required should a breach occur. IBM’s report clearly showed the benefits of having detailed plans that guide actions if and when a data breach occurs. Organisations that had an incident response plan in place reported an average of 2.66 million lower breach costs compared with organisations that don’t have IT teams and plans in place. This represents a saving of 58%.
Beating the Breach
As organisations in the Middle East steam ahead with their plans for ambitious digital transformation, cybercriminals will only have greater reason to target their data. Consequently, we can expect the cost of breaches to rise, presenting a formidable risk to both the bottom line and the reputation of organisations that find themselves in attackers’ crosshairs.
As data shows, preventive measures can drastically reduce the overall expense and effort associated with data breaches. Organisations that conduct due diligence and shore up their defences will find themselves able to stem the tide of breaches.