The Rise of Cyber Threats Against Email, Browsers and Emerging Cloud-Based Channels report, based on a survey conducted in conjunction with Osterman Research, evaluated the responses of security and information technology decision-makers at large enterprises to reveal findings about today’s enterprise threat landscape.
Topping the findings is that organizations are paying a “hefty” $1,197 per employee each year to address successful cyber incidents across email services, cloud collaboration apps, services and web browsers. On average, that means a 500-employee company is spending an average of $600,000 annually.
This figure in the report is direct costs per employee and excludes compliance fines, ransomware mitigation costs and business losses from nonoperational processes, which can cause costs to climb much higher. Cybersecurity incidents lead to costly and time-consuming incident response processes that strain an organization’s resources.
The report argues that the rise in costs over the last few years has been driven by the rapid adoption of new cloud collaboration apps, cloud storage and services for employee productivity and external collaboration. Threat actors have pivoted their attack toolkits to extend to the latest apps and services that enterprises have adopted.
Although many cloud tools have been around for only a few years, the report found that malicious incidents against these new cloud-based apps and services already occur at 60% of the frequency of attacks on email-based services. Some attacks, such as malware installed on an endpoint, occur on cloud collaboration apps at 87% of the frequency with which they occur on email-based services.
The report also highlights that a successful email-based cyber incident takes security staff an average of 86 hours to address. Extrapolating that result further, it’s calculated that one security professional, with no additional support, can only handle 23 email incidents per year, representing a direct cost of $6,452 per incident in time alone. Incidents that have been detected on cloud collaboration apps or services take, on average, 71 hours to resolve, meaning that one professional can handle 28 incidents per year at an average cost of $5,305 per incident.
Additional findings include that many organizations recognized that they need more boots in the group. All organizations surveyed for the report said that they plan to deploy at least one new security tool to combat threats in the coming year. Some 69% of those surveyed said they plan to deploy three or more.
Perception Point recommends that enterprises consolidate their security stack for more holistic and efficient threat protection, and leverage managed services to support their security teams with scalable and flexible incident response capabilities.
“These findings demonstrate the urgent need for organizations to find the most accurate and efficient cybersecurity solutions which provide the necessary protection with streamlined processes and managed services, in particular with enterprises increasingly prioritizing value for money in today’s challenging economic environment,” Yoram Salinger, chief executive officer of Perception Point, said in a statement. “Moreover, the rapid growth of non-email-based threats crucially underscores the need for security teams to keep up with emerging trends, especially as the modern work environment is in flux and the number of cloud-based collaboration tools that organizations rely on is only likely to expand.”
This article first appeared in SiliconAngle on November 22, 2022, written by Duncan Riley.