The cost of not protecting

When doing the math on how much it costs to set up a good data protection service, some companies find it too expensive and put off planning. But only those companies who insist on looking at the easiest calculation, the obvious one involving antivirus budgets and IT tools, believe that cybersecurity can be left for later. In this scenario, the most important thing is left out.

First of all, we need to put down on paper the cost of not protecting.

Brazil had the highest number of users attacked by phishing scams in the first quarter of 2019, according to Kaspersky, an international company that produces Internet security software.

Also according to the data, in the same period, the technology prevented 111.8 million attempts worldwide to direct users to fraudulent websites.

We've arrived in 2020 and already in those first few months, with the coronavirus pandemic, we've seen all the variations we were used to in the cybersecurity environment skyrocket. To give you an idea, in recent years, ISH teams working in SOCs to monitor and prevent attacks by cybercriminals have become accustomed to living with month-on-month changes in attacks of no more than 8%. The fluctuation was predictable because it was usually noticed during specific periods, such as when income tax was due, the run-up to Black Friday and Christmas shopping, among others. But even though damage attempts were increasing, nothing exceeded 8%.

Since January, something has happened that we've never seen before.

The intensity of the attacks more than doubled: it reached 220%. It is estimated that more than 2 million Brazilians have been victims of hacker scams involving the terms "COVID-19" and "coronavirus". According to a survey carried out by ISH engineers, in March alone, 21,000 new malicious file-type artifacts, 73,000 IP addresses and 36,000 websites were created and placed on the internet, all using the pandemic as bait for scams.

Cyberattacks and security breaches will occur and negatively impact businesses, there is no longer any doubt about that. So the question is no longer whether a company will be hacked, but when it will be.

How much does it cost not to protect?

The damage caused by security breaches grows year on year. In Brazil in 2019, the average cost of a data breach was R$5.4 million, an increase of 18.93% compared to 2018. This year, in the United States, this figure is already at US$5 million.

And the financial impact of a data breach isn't just felt when it happens. The consequences continue in the long term. While an average of 67% of breach costs are realized in the first year, 22% accumulate to the second and 11% extend beyond two years after a breach.

It's no wonder that the cost of insurance for data leaks is rising and often doesn't cover the entire loss. It's getting harder and harder to make ends meet.

Therefore, when we think about cybersecurity in the corporate environment, we are no longer talking about simply applying more technology to the organization's processes. We're talking about operating in a hyperconnected world, where protection needs to be part of the strategy, ensuring the confidentiality of information and facilitating business.

By Allan Costa