Compromised employee accounts are an expensive problem according to IBM report
by Kapua Iao
IBM examines hundreds of cost factors related to legal, regulatory, and technical needs as well as loss to brand equity, customers, and employee productivity.
IBM’s study of over 500 organizations (and more than 3,200 security professionals from these organizations) took place between August 2019 and April 2020.
Overall, cybersecurity incidents cost participating organizations an average of $386 million per breach. Eighty percent resulted in the exposure of personally identifiable information.
And the more sensitive the data, the higher the costs. According to the report, healthcare organizations incurred the highest average cost of any industry at $7.13 million.
Other key findings:
- The use of smart technology can cut breach costs in half.
- Compromised employee credentials are the most expensive breach method, followed by exploited third-party vulnerabilities.
- The cost of mega breaches (more than 50 million records compromised) rose by millions of dollars.
- Compared to other threat vectors, nation-state attacks were the costliest.
Compromised employee accounts
Within the IBM report, compromised credentials (along with cloud misconfigurations) are not only the most expensive but also the most common cause of a data breach.
Together, they represent 40% of malicious incidents.
The IBM X-Force Threat Intelligence Index 2020 stresses that more than 8.5 billion credentials were compromised in 2019, a 200% increase from the year before.
Methods to compromise employee accounts include:
- Phishing emails and social engineering
- Human error
- Poor password practices
- Weak access/download policies
- Unencrypted email
- Unprotected storage
- Stolen equipment/devices
Unsurprisingly, breaches through compromised employee login credentials have soared during the pandemic.
The healthcare industry
HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards.
Part of that standard is shielding patients’ protected health information (PHI) from exposure. Unfortunately, the healthcare industry has seen numerous incidents this year, including:
- Phoenix Children’s Hospital (phishing)
- Muskingum Valley Health Centers (ransomware)
- Samaritan Medical Center (malware)
In July 2020 alone, compromised email accounts led to the exposure of PHI belonging to over 500,000 individuals—by far the most of any threat vector.
And as the IBM report highlights, costs are high for data breaches. Patient care may be interrupted and fines for HIPAA violations may be levied.
Spend upfront on strong cybersecurity
Preventing security breaches must be a continuous effort.
Organizations must utilize a layered and comprehensive cybersecurity program along with up-to-date policies/procedures and constant employee awareness training.
And for covered entities (CEs), that also means making their email HIPAA compliant.
Strong email security works in tandem with employee training to block many threat vectors that focus on employee compromise.
Paubox Email Suite Premium provides the needed protection with robust inbound and outbound security tools. Employees need no extra steps to send HIPAA compliant email, and it arrives directly in the recipient’s inbox—no password or portal required.
It seamlessly integrates with a customer’s existing email provider to send encrypted email by default, safeguarding both inbound and outbound email with data loss prevention tools.
Paubox Email Suite Premium is a perfect option for CEs; by protecting themselves they also protect their patients’ PHI. Spending both time and money to build robust cybersecurity is worth it, in the short and long term.