More stories


    Data breach costs record $4.3M with firms passing buck to customers

    The average cost of a data security breach has hit another record high of $4.35 million per incident, up 12.7% over the past two years. Some businesses are passing the buck to customers, even as the cost of products and services has climbed amid inflation and supply chain constraints. This year’s figure was up 2.6% from last year’s $4.24 million per breach, according to IBM’s 2022 Cost of a Data Breach report, which further revealed that 83% of companies surveyed had experienced more than one data breach. Conducted by Ponemon Institute, the report analysed 550 organisations across 17 global markets that were impacted by data breaches between March 2021 and March 2022. Just 17% said this was their first breach. In addition, 60% said they raised the prices of their products and services because of losses suffered from the data breach. They also continued to chalk up losses long after the breach: almost half of such costs were incurred more than a year after the incident. Organisations in the US saw the highest average breach cost, which climbed 4.3% to $9.44 million, followed by the Middle East, where the average cost came to $7.46 million this year, up from $6.93 million in 2021. Canada, the UK, and Germany rounded out the top five, with average losses of $5.64 million, $5.05 million, and $4.85 million per breach, respectively. Six of the 17 markets analysed, including Japan, South Korea, and France, saw a dip in their average breach cost.

    Supply chains, user credentials fuel attacks

    Across the board, companies took an average of 207 days to identify a breach and 70 days to contain it, down overall from last year’s average of 212 days to identify and 75 days to contain. Some 19% of breaches were the result of supply chain attacks, costing an average $4.46 million and running a lifecycle 26 days longer than the global average of 277 days, which measures the combined time to identify and contain a data breach. Supply chain breaches were those in which a business partner was the initial point of compromise. Human errors, which encompassed negligent actions of employees or external contractors, accounted for 21% of incidents, while IT failures (disruption or failure in a company’s IT systems that led to data loss) were behind 24% of breaches. The latter included errors in source code or process failures, such as automated communication errors. Some 11% of breaches were ransomware attacks, up from 7.8% last year, a growth rate of 41%, but the average cost of such attacks dropped slightly to $4.54 million from $4.62 million in 2021. Attacks using stolen or compromised credentials remained the most common cause of a data breach, accounting for 19% of all incidents this year, the report found. Breaches from stolen or compromised credentials cost an average $4.5 million per incident and had the longest lifecycle, at 243 days to identify and 84 days to contain. Phishing was the second-most common cause of a data breach, accounting for 16% of all attacks, but the costliest, with an average $4.91 million in losses. Among sectors, healthcare suffered a record-high average breach cost of $10.1 million, up almost $1 million from 2021 and sealing its ranking as the most expensive industry. The sector’s breach costs have climbed 41.6% since 2020.

    The financial services sector recorded the second-highest average breach cost of $5.97 million, followed by pharmaceuticals, technology, and energy at $5.01 million, $4.97 million, and $4.72 million, respectively. The average breach cost for organisations running critical infrastructure was $4.82 million, which was $1 million more than the average cost for organisations in other sectors. Critical infrastructure companies came from sectors that included financial services, energy, transport, healthcare, and government. Among these organisations, 28% experienced a destructive or ransomware attack and 17% pointed to a compromised supply chain partner.

    Mitigating losses with touted security strategies

    The IBM study also examined differences in the impact of a data breach between companies that had and had not adopted security strategies and technologies such as zero trust, extended detection and response (XDR), and artificial intelligence (AI). The report noted that the nearly 80% of critical infrastructure organisations without a zero trust strategy saw a higher average breach cost of $5.4 million, or $1.17 million more than those that had adopted zero trust frameworks. Across the board, 41% of organisations said they had deployed a zero trust security framework, up from 35% last year, while the remaining 59% had not. In addition, those that deployed security AI and automation tools saw breach costs $3.05 million lower than peers that did not implement any such tools. Those without such tools also took 74 days longer to identify and contain a breach than those that had adopted security AI and automation technologies. The share of organisations using such tools hit 70% this year, up from 59% in 2020. In addition, the 43% of companies that were in the early stages of, or had yet to deploy, security practices across their cloud platforms saw losses at least $660,000 higher on average than those with mature cloud security environments.

    Some 44% of breaches in the study happened in the cloud, with those occurring in a hybrid cloud environment costing an average $3.8 million, compared to $4.24 million for breaches in private clouds and $5.02 million in public clouds. At $4.99 million per incident, breaches in which remote work was a factor also cost almost $1 million more on average than those where it was not. Some 44% of companies had implemented XDR technologies, and they saw breach lifecycles roughly a month shorter, on average, than peers that had not deployed such tools, who took 304 days to identify and contain a breach. Among organisations that suffered ransomware attacks, those that paid up recorded $610,000 lower breach costs (excluding the cost of the ransom) compared to those that chose not to pay. In addition, the 62% of companies that said they were insufficiently staffed to support their cybersecurity needs saw breach costs an average $550,000 higher than those that were adequately staffed.


    I need a new iPhone. Is last year's model good enough? [Ask ZDNet]

    For iPhone owners, this is always a tricky question. It’s always worth checking the incentives offered by your carrier, which might end up making the cost of one model significantly better than you think. If you’re considering changing carriers, now is a good time to see what kind of enticements they’re offering to get you to switch. You might end up with a new phone for significantly less than you’d pay otherwise. Which model is right for you? We asked ZDNet’s iPhone expert, Jason Cipriani, to help spell out the differences:

    Deciding between an iPhone 12 and iPhone 13 can be tough. Both phones are very similar. They both have two rear-facing cameras, the same core display tech, support 5G connectivity and run the latest version of iOS. However, there are some key differences that are sure to help you make your final decision one way or another. Those differences distill down to a new processor, battery life, storage, camera features and — if it’s important to you — color options. The iPhone 13 comes with Apple’s A15 processor while the iPhone 12 has the A14. Those numbers might not mean much, and even though my experience is that the iPhone 13 does perform better, it’s not something you should specifically seek out unless your budget allows. The iPhone 13 has slightly better battery life (19 hours for the iPhone 13 versus 17 hours for the iPhone 12), and the base storage for the non-Pro models has doubled to start at 128GB, instead of the iPhone 12’s 64GB starting point. The iPhone 13’s camera also has a few new camera tricks, including Cinematic Mode, which adds depth to your videos. There’s also a difference in color options, with the 12’s colors being brighter and more vibrant while the iPhone 13’s colors are darker, but still look fantastic. All told, the iPhone 12 is a very similar device to the iPhone 13. If you don’t care about the colors, storage, or a couple extra hours of battery and a performance bump, I think you’d be happy with the iPhone 12. However, if any of those factors are important to you, the iPhone 13 is the better investment.

    Side note: For those struggling with a similar decision regarding the iPhone 12 Pro and iPhone 13 Pro, you should know there are some big differences between the two, especially when it comes to display technology. Specifically, the iPhone 13 Pro line has what Apple calls a ProMotion display, which means that the refresh rate of the screen maxes out at 120Hz compared to 60Hz on the iPhone 12 Pro. The impact of the faster refresh rate is that scrolling through long documents, in apps and even gaming all look smoother. Battery life goes from 17 hours on the iPhone 12 Pro to 22 hours on the iPhone 13 Pro, and you gain the ability to take macro photos using the rear cameras.


    Tech media giants pledge to maintain online safety in NZ pact

    Five technology giants including Twitter and Facebook have pledged to self-regulate and adhere to a new voluntary code of practice in New Zealand that aims to curb harmful online content. The move, however, has been dismissed as “window dressing” and an attempt to preempt regulation. Google, Meta, TikTok, Amazon, and Twitter agreed to sign up for the Aotearoa New Zealand Code of Practice for Online Safety and Harms, which “obligates” tech companies to “actively reduce harmful content” on their respective digital platforms and services in the country. The agreement includes Google’s YouTube, Meta’s Facebook and Instagram, and Amazon’s Twitch platforms. The move marked the launch of the code of practice, which came into effect Monday after a year of development efforts led by Netsafe, a non-profit organisation focused on online safety. Dependent on self-regulation, the code outlines principles and best practices that look to improve online safety and cut harmful content. It can be applied to a range of products and services that serve different user communities, addressing different concerns and use cases, according to Netsafe. The code focuses on seven themes under which content is deemed harmful, including cyberbullying or harassment, incitement of violence, misinformation, and child sexual exploitation and abuse. Under the code, signatories will make “best efforts” towards four key commitments: reducing the prevalence of harmful online content, empowering users with more control and the ability to make informed choices, enhancing transparency of policies and processes, and supporting independent research.

    Netsafe said: “It provides flexibility for potential signatories to innovate and respond to online safety and harmful content concerns in a way that best matches their risk profiles, as well as recalibrate and shift tactics in order to iterate, improve, and address evolving threats online in real-time.” It added that the code was not designed to replace “obligations” involved in existing laws or other voluntary regulatory frameworks. Instead, it focused on the signatories’ architecture, comprising the systems, policies, processes, products, and tools they put in place to combat the spread of harmful content. NZ Tech has been roped in to take over the establishment and administration of the code. The not-for-profit NGO (non-governmental organisation) represents 20 technology communities and more than 1,000 members across New Zealand. Several digital platforms, including all five tech companies that signed up for it, were involved in the initial drafting of the code. Feedback from civil society groups, interest groups, the government, and the general public was also taken into consideration. The code will be monitored by a “new multi-stakeholder governance” group, said Netsafe, which noted that the code was built on online safety principles from Australia and the EU. Companies that agreed to adhere to the new code of practice would have to publish annual reports about their progress in adhering to the code and would be subject to sanctions if they breached their commitments. Netsafe CEO Brent Carey said harmful content reports climbed more than 25% amid increased online use fuelled by the global pandemic. “There are too many kiwis being bullied, harassed, and abused online, which is why the industry has rallied together to protect users,” Carey said.

    Code promotes model that avoids ‘real accountability’

    One industry critic, though, has hit out at the establishment of the code, calling it a framework that avoids change and accountability. Tohatoha NZ CEO Mandy Henk said in a post that the code seemed like a “Meta-led effort to subvert a New Zealand institution”, in a bid to claim legitimacy without having done the work to earn it. “This is a weak attempt to preempt regulation, in New Zealand and overseas, by promoting an industry-led model that avoids the real change and real accountability needed to protect communities, individuals, and the health of our democracy,” Henk said. “This code talks a lot about transparency, but transparency without accountability is just window dressing. In our view, nothing in this code enhances the accountability of the platforms or ensures those who are harmed by their business models are made whole again or protected from future harms.” Tohatoha NZ is a not-for-profit organisation that advocates public education on the social impacts of technology. Henk said the processes that led to the Aotearoa New Zealand Code of Practice revealed that the minds behind it had “no awareness” of the imbalance of power between users and online platforms and had no interest in correcting this inequity. He also noted that NZ Tech was an advocacy group that lacked the expertise and experience, as well as the community accountability, to administer a code of practice of this nature. It was neither impartial nor focused on the needs of those harmed by the tech platforms, he added. He further called out Netsafe for being involved in establishing the code, when its role as the approved administrator for New Zealand’s Harmful Digital Communications Act meant there was a conflict of interest. “It aligns [Netsafe] too closely with the companies impacted by the Harmful Digital Communications Act and increases the risk of regulatory capture,” he said. “This code is a distraction from their core work of administering the Act, which is crucially important. NetSafe’s focus should be on serving the New Zealand public and enhancing the safety of every New Zealander who uses the internet.”

    Henk instead urged a government-led process to develop online content regulations. This would provide the legitimacy and resources needed to establish a regulatory framework that safeguards the rights of internet users. He pointed to the Content Regulatory Review as the right step in this direction.


    Ransomware: 1.5 million people have got their files back without paying the gangs. Here's how

    The battle against ransomware is challenging because not only are ransomware attacks extremely disruptive, but in many cases victims opt to pay the ransom demand for a decryption key, fuelling additional ransomware attacks because criminals know they can make easy money. However, one scheme continues to take the fight to ransomware gangs […]


    Your biggest cyber-crime threat has almost nothing to do with technology

    You’re asked about the biggest cybersecurity threats faced by business: which ones spring to mind first? Maybe it’s relentless ransomware attacks, with cyber criminals encrypting networks and demanding vast sums for a decryption key, even from hospitals. Or maybe it’s a sneaky malware attack, which lets hackers hide inside the network for […]


    Here are the top phone security threats in 2022 and how to avoid them

    Our mobile devices are now the keys to our communication, finances, and social lives, and because of this they are lucrative targets for cybercriminals. Whether you use a Google Android or Apple iOS smartphone, threat actors are constantly evolving their tactics to break into them. This includes everything […]


    Scalahosting deal: Get an extra 10% off website and VPS hosting

    Hosting and managing your website can be tricky business. Scalahosting is here to help your website flourish with managed VPS hosting, so you can host your website and worry less about maintenance such as software installations, technical issue resolution, and more. Right now, if you’re in the market for new VPS hosting or […]