
Why Every Minute Matters in Cybersecurity: The Economics of Fast Incident Response | ActZero

Written by Adam Winston | Mar 5, 2024 5:29:09 PM


Small businesses are disproportionately vulnerable to cyberattacks, accounting for 82% of all breaches in 2023. The statistics are stark: the average user receives around 1.5 malicious emails per day, and roughly 30,000 small business websites are compromised daily. That leads to the big question about incident response: what are the economic implications of responding effectively, particularly for small to medium-sized businesses (SMBs)?

Let's dive into the economic landscape and explore the costs associated with various approaches to incident response. 

No Response: The Cost of Doing Nothing

In 2023, the average ransomware attack cost SMBs $1.85 million per day in damages, primarily from system outages, some of which lasted several weeks. Insurance claims averaged about $365,000, driven mostly by IT and third-party labor for containment and system restoration. Put that against the IT budget: SMBs typically spend 2 to 7% of revenue on IT, with an average annual spend of around $50,000. The cost of recovering from an attack therefore dwarfs the annual IT expenditure, and that is before the ransom itself, which averaged around $1.5 million in 2023.

Economic Implications of Incident Response

A managed detection and response (MDR) service needs to respond to cyberattacks quickly enough to limit the loss of data or systems across the company. That means continuous monitoring and intervention by security professionals across endpoints, network, cloud, mobile devices, and identity systems. Given that 59% of ransomware attacks involve endpoints and cloud, and that they often occur outside business hours (think 3 am on a Sunday), let's explore the economics of each area.

Endpoint Security 

A robust AI-driven EDR, like CrowdStrike or Microsoft Defender, is the foundation of your security. Stopping every attack at the endpoint is the ideal, but endpoint responses don't always contain the attacker. The race against time begins the moment a threat is identified or an endpoint is quarantined: on average, attackers need roughly 79 minutes to move from the first compromised host to other systems on the network (the "breakout time"). An MDR provider typically responds to a high-severity alert within 30 minutes, giving threat hunters time to isolate systems, block IPs, and disable compromised accounts before that window closes, cutting off the attacker's access. At ActZero, our current mean time to first response (MTTFR) is under 6 minutes.

Network Security

Modern firewalls with an Intrusion Prevention System (IPS) can stop network attacks and temporarily block hostile IPs, but the thousands of email alerts they generate can overwhelm a small business. Our MDR service uses these modern firewalls (also known as next-generation firewalls, NGFW) to automatically update and block attacker IPs, stopping a wide range of attacks without the flood of alerts. Manual blocklists go stale unless someone updates them constantly; the ActZero approach keeps the block rules current without that effort.
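The automatic IP blocking described above has one failure mode a practitioner cares about more than any other: a bad feed entry (an internal range, your own public address, a typo'd /0) pushed straight to the firewall becomes a self-inflicted outage. The script below is an added example, not ActZero's code, showing the sanity checks that belong between a threat feed and a firewall. The feed, the allowlist, and the nftables table and set names are constructed assumptions; the sample attacker addresses are RFC 5737 documentation ranges standing in for real ones, which is why the non-routable check uses an explicit bogon list instead of `ipaddress`'s `is_global` (that property classes documentation ranges as non-global and would reject the sample).

```python
"""Turn an attacker-IP feed into firewall blocklist entries, with sanity checks.

Added illustration, not ActZero's code. The feed, allowlist and nftables
table/set names are constructed assumptions. Sample attacker IPs come from the
RFC 5737 documentation ranges, so the bogon check is an explicit list rather
than ipaddress's is_global (which treats documentation ranges as non-global).
"""
import ipaddress
from ipaddress import IPv4Network, IPv6Network
from typing import Iterable, List, Optional, Tuple, Union

Net = Union[IPv4Network, IPv6Network]

# Constructed sample feed: one IP or CIDR per line, '#' starts a comment.
SAMPLE_FEED = """\
# attacker IPs seen in the last 24h (constructed sample data)
203.0.113.45
198.51.100.0/24
203.0.113.45            # exact duplicate
198.51.100.7            # already covered by the /24 above
10.0.0.7                # RFC 1918: blocking it would hit internal hosts
192.0.2.10              # inside the assumed allowlist below
not-an-ip               # malformed line
0.0.0.0/0               # would block everyone, including your own users
192.0.2.99
"""

# Assumed allowlist: the organisation's own public range plus critical SaaS/VPN endpoints.
ALLOWLIST: List[Net] = [ipaddress.ip_network("192.0.2.0/28")]

# Never block these: private, CGNAT, loopback, link-local, multicast, reserved, "this" network.
BOGONS: List[Net] = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]

# Refuse prefixes broader than this: a feed typo must not become an outage.
MIN_PREFIXLEN = {4: 16, 6: 32}


def parse_feed(text: str) -> List[Tuple[str, Optional[Net]]]:
    """Return (raw_entry, network) pairs; network is None when the entry is malformed."""
    out = []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            out.append((entry, ipaddress.ip_network(entry, strict=False)))
        except ValueError:
            out.append((entry, None))   # keep it so the rejection can be logged
    return out


def overlaps_any(net: Net, others: Iterable[Net]) -> bool:
    return any(net.version == o.version and net.overlaps(o) for o in others)


def rejection_reason(net: Optional[Net], allowlist: Iterable[Net]) -> Optional[str]:
    """Why an entry must not be blocked, or None if it is safe to block."""
    if net is None:
        return "malformed"
    if net.prefixlen < MIN_PREFIXLEN[net.version]:
        return "prefix too broad"
    if overlaps_any(net, BOGONS):
        return "non-routable"
    if overlaps_any(net, allowlist):
        return "overlaps allowlist"
    return None


def filter_feed(text: str, allowlist: Iterable[Net] = ALLOWLIST) -> Tuple[List[Net], List[Tuple[str, str]]]:
    """Split the feed into blockable networks and (entry, reason) rejections for the audit log."""
    accepted, rejected = [], []
    for entry, net in parse_feed(text):
        reason = rejection_reason(net, allowlist)
        if reason is None:
            accepted.append(net)
        else:
            rejected.append((entry, reason))
    return accepted, rejected


def build_blocklist(text: str, allowlist: Iterable[Net] = ALLOWLIST) -> List[Net]:
    """Deduplicate and collapse accepted entries into the minimal set of networks, v4 then v6."""
    accepted, _ = filter_feed(text, allowlist)
    v4 = ipaddress.collapse_addresses(n for n in accepted if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in accepted if n.version == 6)
    return list(v4) + list(v6)


def render_nft(blocklist: Iterable[Net], family_table: str = "inet filter",
               set_name: str = "mdr_blocklist") -> List[str]:
    """nft commands replacing the contents of per-family sets (sets declared with 'flags interval')."""
    def fmt(n: Net) -> str:
        return str(n.network_address) if n.prefixlen == n.max_prefixlen else str(n)
    cmds = []
    for ver in (4, 6):
        elems = [fmt(n) for n in blocklist if n.version == ver]
        if not elems:
            continue
        target = f"{family_table} {set_name}_v{ver}"
        cmds.append(f"nft flush set {target}")
        cmds.append(f"nft add element {target} {{ {', '.join(elems)} }}")
    return cmds


if __name__ == "__main__":
    accepted, rejected = filter_feed(SAMPLE_FEED)
    for entry, reason in rejected:
        print(f"REJECTED {entry}: {reason}")
    for cmd in render_nft(build_blocklist(SAMPLE_FEED)):
        print(cmd)
```

The rejections are returned alongside the accepted networks rather than silently dropped, so the update job can log them; a feed that starts shipping your own address range is itself a signal worth an alert. The rendered commands flush and refill a named set instead of appending rules, which keeps the firewall's ruleset the same size no matter how often the feed refreshes.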

Cloud Security 

We use cloud-based collaboration tools every day for email, file sharing, and messaging. The major providers behind these tools often fall short in detecting unauthorized access and data theft. When an MDR flags such an incident, immediate action is essential: disable the compromised account and revoke its existing sessions (a password reset alone does not end them) to prevent further data loss. Teams must act swiftly to reset accounts and notify the relevant authorities and customers, particularly where wire fraud is possible and every hour counts in preventing a financial loss. ActZero not only offers automated response but also provides a guide to expedite communication with the appropriate authorities or privacy offices within 24-72 hours, depending on your industry, to limit the damage.

Mobile Security 

While we all love our smartphones, they are involved in 33% of ransomware breaches. ActZero addresses this gap by extending MDR capabilities to mobile platforms, safeguarding against app-based breaches, credential phishing, and malicious software exploits across Android, iOS, and Chromebook devices. Automated and active responses buy your 24/7 response team time to contain attackers. For most SMBs, the cost of inaction, or of attempting to build such capabilities in-house, is prohibitive. With ActZero's MDR services, businesses can bolster their security posture and safeguard against evolving cyber threats.