Compromised employee accounts remain the most expensive problem for organizations hit by data breaches according to IBM Security’s Cost of a Data Breach Report 2020. IBM examines hundreds of cost factors related to legal, regulatory, and technical needs as well as loss to brand equity, customers, and employee productivity. Its findings demonstrate the importance of up-to-date user policies, employee awareness training, and email security.
Report summaryIBM’s study of over 500 organizations (and more than 3,200 security professionals from these organizations) took place between August 2019 and April 2020. Overall, cybersecurity incidents cost participating organizations an average of $386 million per breach. Eighty percent resulted in the exposure of personally identifiable information. And the more sensitive the data, the higher the costs. According to the report, healthcare organizations incurred the highest average cost of any industry at $7.13 million. Other key findings:
- The use of smart technology can cut breach costs in half.
- Compromised employee credentials are the most expensive breach method, followed by exploited third-party vulnerabilities.
- The cost of mega breaches (records over 50 million compromised) soared by the millions.
- Compared to other threat vectors, nation-state attacks were the most excessive.
Employee compromised accountsWithin the IBM report, compromised credentials (and cloud misconfigurations) are not only the most expensive but also the most common type of data breach. Together, they represent 40% of malicious incidents. The IBM X-Force Threat Intelligence Index 2020 stresses that more than 8.5 billion credentials were compromised in 2019, a 200% increase from the year before. Methods to compromise employee accounts include:
- Phishing emails and social engineering
- Human error
- Poor password practices
- Weak access/download policies
- Unencrypted email
- Unprotected storage
- Stolen equipment/devices
The healthcare industryHIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards. Covered entities (CEs) must be HIPAA compliant to protect the rights and privacy of patients and their protected health information (PHI). SEE ALSO: Is a Name PHI? This means shielding patients’ PHI from exposure. Unfortunately, the healthcare industry has seen numerous incidents this year, including:
- Phoenix Children’s Hospital (phishing)
- Muskingum Valley Health Centers (ransomware)
- Samaritan Medical Center (malware)
Spend upfront on strong cybersecurityPreventing security breaches must be a continuous effort. Organizations must utilize a layered and comprehensive cybersecurity program along with up-to-date policies/procedures and constant employee awareness training. And for CEs, that also means making their email HIPAA compliant. Strong email security works in tandem with employee training to block many threat vectors that focus on employee compromise. Paubox Email Suite Premium provides needed protection with robust inbound and outbound security tools that require no extra steps for employees to send HIPAA compliant email which arrives directly into the recipient's inbox—no password or portal required. It seamlessly integrates with a customer’s existing email provider to send encrypted email by default, safeguarding both inbound and outbound email with data loss prevention tools. Paubox Email Suite Premium is a perfect option for CEs; by protecting themselves they also protect their patients’ PHI. Spending both time and money to build robust cybersecurity is worth it, in the short and long term.
Try Paubox Email Suite Premium for FREE today.