Data Breaches Involving Social Engineering Attacks Take Longer to Identify and Contain



Continuing coverage of IBM’s recently-released Cost of a Data Breach report, we focus on the impact attacks involving social engineering have on data breach costs.

There are two reports every year that we cover on this blog that you should be reading – Verizon’s Data Breach Investigations Report and IBM’s Cost of a Data Breach report. Each of these reports has been published for years, providing insight into how the state of data breaches is changing. In IBM’s case, we see how the costs associated with detecting and remediating data breaches change.

In their most recent report, we find that the average data breach costs an organization $4.45 million, taking an average of 204 days to identify the breach and 73 days to contain it. I recently pointed out that data breaches involving phishing are the most costly, but IBM also makes it clear that when social engineering is used (whether via email, the web, voice, or text as the delivery medium), there are some additional negative consequences:

  • The cost of the breach increases by another $100,000 on average
  • The number of days it takes to identify a breach jumps to 234 – likely because the social engineering is working either to harvest internal credentials or to persuade the victim user to take action on the threat actor’s behalf (in either case, threat actions look legitimate because they’re being done using a valid user’s credentials)
  • The number of days it takes to contain a breach increases to 80 days

Don’t discount the power of social engineering; tricking users into giving up credentials or performing an action that benefits the cybercriminal may be the difference between a successful and a failed cyberattack. The most effective tool in combating social engineering is security awareness training that continually teaches users how to see manipulative requests for what they are, making the user the line of defense where an attack stops.


Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Here's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/phishing-security-test-offer


