While the global average total cost of data breaches for companies fell 10% this year, US companies saw a 5% increase in cybersecurity-related expenses.
Wendi Whitmore, team leader for IBM Security X-Force Incident Response & Intelligence Services, met with TechRepublic's Dan Patterson to discuss the causes of these costs and how companies can save.
This year, Europe saw a 26% decrease in average cost of breaches. One of the major differences between the US and Europe when it comes to costs is notification. Europe prioritizes notifying regulators, while the US prioritizes notifying impacted clients.
The majority of money spent by US-based companies after a data breach goes to notifying affected consumers. Costs begin to add up for US companies since each state has different regulations and laws.
Among all industries, healthcare and financial services continue to spend the most on damage control after data breaches.
What's unique about the healthcare industry is not only the amount of attack surface they have open but how rich their data is as well, Whitmore said. This particular industry attracts attackers because victims can't easily change their information. While people can change their credit cards, they can't change their medical history, or that they have high blood pressure.
However, employees need to be trained ahead of time as well.
Whitmore said the biggest impact is user awareness. Employers need to educate their employees about the need to be aware of suspicious emails. Users should be able to recognize potential threats in an email, like invalid addresses and files containing malware.
The number one factor for reducing costs has stayed consistent for years: access to an incident response team, either internal or external.
"The faster that you're able to detect an attack, and the faster you're able to investigate and contain an attack, the much reduced cost you're going to have," she said.
The IBM data breach calculator can be found here.
Leah Brown has nothing to disclose. She does not hold investments in the technology companies she covers.
Leah Brown is the Associate Social Media Editor for TechRepublic. She manages and develops social strategies for TechRepublic and Tech Pro Research.