Global end-user spending on information security is projected to hit $212bn next year, an increase of 15% from 2024, according to Gartner. Yet at the same time, data breach costs continue to spiral. The latest IBM report now puts the global average at nearly $4.9n per incident. This raises the question: are organizations spending their cybersecurity budgets in the right areas?
A closer look at IBM’s study would seem to indicate two main related culprits: phishing and credential compromise. If organizations can’t effectively mitigate these attacks, they must focus more effort on neutralizing the risks posed by data theft.
Waltzing past defenses
For the second year in a row, the most popular initial access vectors for data breaches studied in the report are:
- Compromised credentials (16%)
- Phishing (15%)
- Cloud misconfiguration (12%)
Compromised credentials and phishing are, of course, often related. For example, a threat actors might target an employee with a spear-phishing attack which yields credentials they subsequently use to access an IT network or data store. On the other hand, the phishing message may covertly install malware that does the same job.
In the case of cloud misconfiguration, it is human error on the part of the victim organization that opens the door to compromise. Threat actors increasingly use automated systems to probe for such security errors to exploit. In fact, the report tells us that while malicious third-party attacks comprised 55% of breaches over the past year, IT failure (23%) and human error (22%) account for the remainder.
Time is money
We also know from this report and its 2023 predecessor that, in general, breaches that take longer to identify and contain (known as the breach lifecycle) are more costly. In 2024, data breaches with a lifecycle of 200+ days had the highest average cost ($5.5m) versus those of under 200 days. Costs for longer breach lifecycles also increased by 10% this year, showing that the trend is solidifying.
This is borne out by the fact that compromised credential attacks – with an average lifecycle of 292 days – were among the top four costliest incident types ($4.8m). Also in the top four were phishing-related breaches (261 days) which cost $4.9m on average. Malicious insiders (287 days), were the most costly of any breach type, at an average of $5m per incident. These are known to be among the hardest to discover as the threat actor operates from within the victim organization, often with an in-depth knowledge of its security tooling and processes, and has a vested interest in not being discovered.
Focus on the data
So what does this tell us about information security efforts? Clearly, organizations are finding it extremely challenging to stop phishing and credential compromise. Part of the problem is that it becomes difficult to distinguish between legitimate and malicious activity when malicious actors are impersonating legitimate users using their stolen or breached credentials. By the same token, it’s difficult to root out malicious insider behavior. These challenges are also compounded by IT and human error.
All of this makes a strong case for organizations to pivot to a data-centric security strategy that ensures sensitive data is protected as soon as possible, wherever it resides across the enterprise – including in cloud environments. That means, even if a threat actor waltzes past perimeter defenses with a compromised credential or phishing-related malware/vulnerability exploit (or if they find a misconfigured cloud system to access) they will be unable to do anything with the data they find.
The key is to ensure that data is discovered, classified and protected in line with policy on a continuous and automated basis. There’s simply too much of it, and enterprise data environments are too dynamic, for this to be done manually. Choose a provider like comforte. Its Data Security Platform offers multiple protection methods including tokenization, which has the advantage of preserving data utility without compromising on security.