The Real Cost of a Breach and How Upskilling Can Help
According to an analysis by IT Governance reported by Cyber Magazine, there was a 951% increase in publicly disclosed incidents year-on-year since March 2022. And in 2022, a report by Ponemon Institute and IBM Security revealed that the average cost of a data breach was $4.35 million. With no relief in sight, organizations must invest in training and technologies to give their cybersecurity teams the best chance to reduce attack surfaces and secure the infrastructure.
A quick note: $4.35 million is just the average cost of the ransom.
This doesn’t include:
- potential legal expenses that may be raised by the victims whose data was leaked,
- fines for noncompliance,
- and other lawsuits.
It also doesn’t include:
- the cost to remediate post-attack,
- loss of business during that time,
- and the potential permanent loss of business due to the hit to the organization’s reputation.
Bottom Line: Your organization can’t afford to delay creating the best cybersecurity team and infrastructure.
How Training Programs Help Strengthen Your Security Posture
You have a solid organizational structure with Red Teams, Blue Teams, and more - staffed by a great team following industry best practices and the appropriate framework like NIST or CIS Critical Controls. You’re all set, right?
Rapidly evolving technology is not hyperbole - and no one in the IT industry can keep up without ongoing training programs to support them. Cybersecurity leaders must advocate for their teams to receive on-demand, hands-on training targeted to each person on their team.
Red Teamers
Over 13,000 vulnerabilities were published in 2022, 3238 of which were flagged with CVSSv2 scores (from 7.0 to 10.0). There were 40% fewer vulnerabilities in 2021, which recorded about 21,000 vulnerabilities. (National Vulnerability Database)
Are you confident that your Red Team has the information they need to keep up with each of the new vulnerabilities and the dozens of zero-day attacks released each year? If not, you’re not alone. Data from the 2022 Vulnerability Management Report show that 71% of organizations run a formal vulnerability management program in-house, but only 30% consider their program very effective.
Blue Teamers
In a survey by Exabeam, 36% of firms are conducting blue team exercises, and blue teams are more effective. In our 2020 survey, 96% of respondents indicated they were performing blue team tests. Within these companies, 11% catch their red teams. In comparison, 60% of companies conducted blue team exercises, and only 2% caught their red teams.
Blue Team exercises seem to show that teams are improving in effectiveness - but the climb is slow, and there’s a lot of room for improvement to get to a majority of Blue Teams always catching their Red Teams.
Investing in Cybersecurity Training to Protect Your Organization
That same Ponemon Institute reported that “organizations with high compliance failures paid an average of $1.22 million more for data breaches.” So investing in cybersecurity training to ensure your team is upskilled is a no-brainer. Which program to choose isn’t as easy.
INE’s cybersecurity training offers on-demand, hands-on training that gives learners practical experience in a low-risk learning environment. We implemented a subscription model that provides clients and learners access to an extensive catalog of training topics for continuous learning. We also have a CVE Library that helps our learners stay updated on the latest vulnerabilities and how to patch/mitigate them.
We’re also excited to introduce Skill Sonar, our skill assessment tool that harnesses baseline assessment data to help cybersecurity leaders create targeted training for their teams. With Red Team, Blue Team, and Yellow Team Essentials assessments, you can understand current-state skill levels and identify upskilling opportunities for each person on your team. This ensures you have the right people in the right seats with updated skills.
There are plenty of options for how you could invest in cybersecurity training. Schedule a demo with the INE team to see our training platform, including Skill Sonar (assessments for teams) and our latest addition, Skill Dive, to see why we’re the best option.
