Cyber Audits Can Save Businesses $1.5m

According to a report sponsored by IBM Security, the average global cost of a data breach is now calculated to be $3.86 million. However, the same report also shows that companies that can find a security breach within 30 days of its occurrence can shave as much as $1 million from that average cost.

The research conducted by Ponemon Institute for IBM Security also found that organisations using auditing and logging tools that leverage artificial intelligence, machine learning, and other automated structures saved more than $1.5 million off the average cost of a data breach.

In other words, organisations protecting their information technology infrastructure with advanced systematic monitoring, logging, and auditing procedures cut the average cost of each security breach by more than a million dollars just by having a system in place. 

Since security breaches are inevitable in our current business environment, it is imperative that every organisation implement a strategic plan for auditing their networks.

Automated Auditing
Auditing and logging network traffic, Internet access, file transfers, user activity, permission changes, and myriad other day-to-day activities is the first line of defense in establishing integrity for mission-critical systems. However, creating a framework for monitoring and reviewing those events so that security-related incidents and other critical problems can be addressed and mitigated quickly is just as important.

New automated tools are being developed to help enterprises maintain a robust and responsive system auditing strategy. For example, PwdPwn, from Sydney developer Luke Millanta, can audit an Active Directory database with more than 5,000 passwords within 15-30 seconds. Performed manually, this basic security auditing procedure would typically take one full day or more to accomplish.

Whatever degree of automation your enterprise is using to audit and monitor its IT infrastructure, there should be a strategic plan of action in place that explains what is being logged, who is responsible for reviewing the reports, and how the organisation will respond to a security breach.

Tech Pro Research offers an Auditing and logging policy that provides a framework for monitoring and reviewing events that could signal and announce serious problems.

In the current business environment, a security breach of your IT infrastructure is practically inevitable. Having a strategic plan to audit for that impending security breach and respond to it quickly and decisively could be the only thing that separates a successful enterprise from a failing one.

TechRepublic:     Image: Nick Youngson
