Data breaches now cost companies across the globe $4.24 million (roughly Rs. 31 crores) per incident on average, according to a recent study conducted by Ponemon Institute in Michigan. The sudden operational shift that organisations had to go through following the coronavirus pandemic was cited as a major reason for this. It is not the only organisation to have highlighted this, and as the move away from fully in-person offices continues to gain ground, companies are realising that solutions need to be found for this problem.
The Cost of a Data Breach Report 2021 by IBM found that an average of 27,966 records were breached between May 2020 and March 2021 in India. Organisations with over 50 percent remote work adoption took an average of 271 days to identify a data breach, 63 days longer than organisations with less than 50 percent remote work adoption.
Rs. 16.5 crores was the average total cost of a data breach in India, which was an increase of 17.85 percent from 2020. The cost per lost or stolen record was Rs. 5,900, an increase of 6.85 percent from the previous year. The top three industries impacted when calculating the cost per record in India were the financial sector at Rs. 5,536, the education sector at Rs. 3,139, and the public sector at Rs. 2,100.
To overcome the rapid challenges to security following the shift to a hybrid work environment, some companies are switching to new types of security models like the perimeter model and zero trust model to ensure better safety of their systems. Prashant Bhatkal, Security Software Sales Leader of IBM Technology Sales, India, caught up with Gadgets 360 to explain this in greater detail.
Will zero trust help reduce data breaches?
With the numbers and costs associated with data breaches skyrocketing, organisations have been switching to modern approaches to security, including adoption of the zero trust approach. The report indicated that companies that adopted a zero trust security approach were better equipped to deal with data breaches. Organisations in India that are in the mature stages of zero trust deployment saw a total data breach cost of Rs. 13.1 crores, compared with Rs. 19.8 crores for organisations in the early stage of adoption.
IBM’s Bhatkal considers zero trust a philosophy, or an approach to how organisations structure their cybersecurity programme, built on three guiding principles: enabling least privilege access; never trust, always verify; and assume breach.
To help organisations tackle zero trust and make it actionable, IBM has created zero trust blueprints to infuse security into common business initiatives. These blueprints offer guidance on the technology capabilities needed to achieve zero trust in specific situations, including preserving customer privacy, securing the hybrid and remote workforce, reducing the risk of insider threat, and protecting the hybrid cloud.
‘Implementing zero trust is a marathon’
Organisations planning on transitioning from one cybersecurity strategy to another should work with their existing security capabilities and gradually migrate to a zero trust model. Bhatkal said that it is important to assess current security gaps for a specific use case against the zero trust framework and align priorities while addressing the organisation’s unique security risks, industry compliance requirements, and investment strategy. “As Forrester says, implementing zero trust is a marathon, not a sprint – a gradual process. Zero trust framework requires integration across multiple security domains, even as security programmes continue to operate in silos. Businesses need to know where to start or how to merge their existing solutions into their zero-trust security strategy,” he said.
As per the report, organisations with a zero trust approach were also subject to breaches, meaning that this approach is not fully breach-proof. The zero trust framework starts with an assumption of compromise, then continuously validates the conditions for connection between users, data, and resources to determine authorisation and need. “While organisations embark on their zero trust journey, they also need to ensure how they are looking at their existing security technology and have a gradual approach to zero trust with each security aspect of the organisation taken into consideration holistically,” said Bhatkal.