by Kapua Iao

Compromised employee accounts are an expensive problem according to IBM report

Compromised employee accounts remain the most expensive problem for organizations hit by data breaches, according to IBM Security’s Cost of a Data Breach Report 2020.

IBM examines hundreds of cost factors related to legal, regulatory, and technical needs as well as loss to brand equity, customers, and employee productivity.

Its findings demonstrate the importance of up-to-date user policies, employee awareness training, and email security.

Report summary

IBM’s study of over 500 organizations (and more than 3,200 security professionals from these organizations) took place between August 2019 and April 2020.

Overall, cybersecurity incidents cost participating organizations an average of $386 million per breach. Eighty percent resulted in the exposure of personally identifiable information.

And the more sensitive the data, the higher the costs. According to the report, healthcare organizations incurred the highest average cost of any industry at $7.13 million.

Other key findings:

  • The use of smart technology can cut breach costs in half.
  • Compromised employee credentials are the most expensive breach method, followed by exploited third-party vulnerabilities.
  • The cost of mega breaches (more than 50 million records compromised) soared by the millions.
  • Compared to other threat vectors, nation-state attacks were the most excessive.

Compromised employee accounts

Within the IBM report, compromised credentials (and cloud misconfigurations) are not only the most expensive but also the most common type of data breach.

Together, they represent 40% of malicious incidents.

The IBM X-Force Threat Intelligence Index 2020 stresses that more than 8.5 billion credentials were compromised in 2019, a 200% increase from the year before.

Methods to compromise employee accounts include:

And the current health crisis has exacerbated the situation with an increased reliance on employees working from home and cloud technology.

Unsurprisingly, breaches through compromised employee login credentials have soared during the pandemic.

The healthcare industry

HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards.

Covered entities (CEs) must be HIPAA compliant to protect the rights and privacy of patients and their protected health information (PHI).

This means shielding patients’ PHI from exposure. Unfortunately, the healthcare industry has seen numerous incidents this year, including:

In July 2020 alone, compromised email accounts exposed the PHI of over 500,000 individuals, by far the most of any threat vector.

And as the IBM report highlights, costs are high for data breaches. Patient care may be interrupted and fines for HIPAA violations may be levied.

Spend upfront on strong cybersecurity

Preventing security breaches must be a continuous effort.

Organizations must utilize a layered and comprehensive cybersecurity program along with up-to-date policies/procedures and constant employee awareness training.

And for CEs, that also means making their email HIPAA compliant.

Strong email security works in tandem with employee training to block many threat vectors that focus on employee compromise.

Paubox Email Suite Premium provides needed protection with robust inbound and outbound security tools. Employees need no extra steps to send HIPAA compliant email, which arrives directly in the recipient’s inbox with no password or portal required.

It seamlessly integrates with a customer’s existing email provider to send encrypted email by default, safeguarding both inbound and outbound email with data loss prevention tools.

Paubox Email Suite Premium is a perfect option for CEs; by protecting themselves they also protect their patients’ PHI. Spending both time and money to build robust cybersecurity is worth it, in the short and long term.
