Myths and beliefs are hard to dispel, and cybersecurity is no exception: “EDR and an antivirus are pretty much the same thing”; “only large companies need EDR and you need a lot of resources to manage it”; “it’s just another solution in an IS that degrades performance”…
Do you need to convince your board that it’s a good idea to equip yourself with EDR, but you’re still coming up against the above statements? The following is for you!
Improving organizational security: the sinews of cyber warfare for CISOs and CIOs
Cybersecurity budgets have risen by more than 5% of the total IT budget, with 63% of respondents planning to allocate more to protective devices, and 54% to increasing staff numbers. In addition, 82% of those surveyed plan to acquire new solutions.
Also, according to a barometer published by Cesin & OpinionWay in 2023, in France, EDR has become a reality for 81% of the companies surveyed, and 60% of them use innovative offers proposed by start-ups.
But beyond the choice of technology, we still find that in the field, the subject of cybersecurity is still too often de-prioritized for reasons of budget or team availability. So, yes, trends are changing, but preconceived ideas persist. Which ones?
Preconceived ideas about cybersecurity that you’ll have to get rid of
Let’s turn to our 4 myths about cybersecurity. Here are a few preconceived ideas we still hear regularly:
- Myth #1: “EDR is only an enhanced antivirus, I’m not going to pay for two tools.”
- Myth #2: “EDR is only suitable for large companies because it only detects advanced threats that don’t target small businesses.”
- Myth #3: “EDR implies having a large team with resources to operate it, ensure detection and remediation, it’s too expensive.”
- Myth #4: “I already have a SIEM, why add yet another product? Besides, the impact of an additional solution on performance could be detrimental to user productivity.”
Have you ever heard these words, or even said them, or at least thought them? Let’s confront these myths with reality.
EDR is not an antivirus
Phishing emails increased by 1265% in 2023, boosted by ChatGPT. Quishing also saw a 587% increase that same year, and the number of ransomware victims jumped by 143% globally.
The threat is real, and attacks can occur despite the presence of cybersecurity tools such as antivirus or EPP. They can generate alerts and block threats, but they can’t do everything on their own. What’s more, they don’t allow for in-depth investigation and remediation.
So, in order to learn from incidents and strengthen protection, an EDR also collects the data needed to understand how the attack occurred and where the attacker went. This facilitates investigation and analysis work and ensures better protection of the Information System.
Cyber attacks affect all organizations, regardless of size or market.
The proof is in the pudding: cyberattacks affect all types of companies and local authorities, as was unfortunately the case for the town of Chalon-sur-Saône, the Mairie de Lille, the company Clestra Hauserman…
SMEs are also highly exposed: in 2022 alone, they suffered over 330,000 attacks, and the consequences can go as far as receivership or bankruptcy.
A case in point is Clestra Hauserman, which suffered a €20 million loss in two and a half months as a result of a cyberattack, with the cost of the attack estimated at between €2 and €3 million. A cyber-attack leaves its mark, and Vincent-Paul Petit, former director of Clestra Hauserman, draws the following lesson: “IT risk is no longer just a matter for the IT/IS department, but for senior management”. Finally, as ANSSI reminds us in its latest report: SMEs suffer the most ransomware attacks. Cybersecurity is therefore a matter for all companies, not just the big CAC40 accounts!
Managing EDR requires resources, but these can be outsourced.
Every organization has its own structure. Managing EDR requires resources and expertise, but these are not necessarily available in-house. In fact, using a managed security service provider (MSSP) not only reduces the burden on IT teams and costs, but also helps to increase the skills of in-house teams.
In addition, the increasing complexity of the market in terms of tools (SIEM, EDR, NDR, XDR…) is also a phenomenon that can justify relying on specialized partners for support. And the best part of all is that the range of support services on offer varies in price depending on the service required! Solutions exist for every budget, from turnkey support to in-house team training, as provided by La Poste, for example.
EDR: an essential building block in the fight against cyber threats
An analysis of the market, and more specifically of the MITRE tests of this year 2023 (over thirty solutions tested!!), shows that solutions are developing and multiplying, to such an extent that it can become complicated to understand who’s doing what.
What’s important to bear in mind is that EDR is an indispensable element in endpoint threat detection, and is designed to be easily integrated into any architecture. What’s more, modern EDR solutions are optimized to minimize the impact on performance.
But beyond understanding the market and cybersecurity solutions, overcoming preconceived ideas is a real challenge for organizations. It’s all about mastering the business and financial risks and impacts of an attack.
What is the cost of a cyber attack?
While it’s not easy to demonstrate the ROI of a cybersecurity solution, identifying the costs or potential losses in the event of business interruption is a fairly straightforward task.
- Cost #1: Disruptions to business activities can even lead to shutdowns, which can result in financial losses. And that’s not counting the internal human consequences, linked to the fatigue and stress of the technical teams involved.
- Cost #2: In addition to financial losses, the brand image and trust of customers, users and investors can be damaged.
- Cost #3: Data loss, which can go as far as encrypting the entire IS and losing critical data or even intellectual property. Subsequently, attackers may monetize this data on the darkweb, and the organization may be subject to fines or prosecution.
- Cost #4: In the event of an attack, the cost of assistance in resolving the incident (technical expertise, tools to be put in place…) can be considerable. Prevention is definitely better than cure.
- Cost #5: The costs incurred in response to an attack are added to the financial losses, when they could have been avoided and smoothed out over time (tools, training, awareness campaigns, etc.).
- Cost #6: Insurance premiums can increase significantly following an incident.
According to a study by IBM Security, the average cost of a cyberattack on data reached $4.35 million in 2022, compared with $4.24 million in 2021, an increase of 13% in 2 years! In France, according to a study by Asterès, more than 385,000 cyberattacks were recorded in 2022, at a total cost of 2 billion euros.
The solution: an EDR to save money?
Case studies. In the light of the above studies and case studies, there can be no doubt: EDR not only protects against cyber risks, it also helps to guard against the consequences.
When you consider that it’s not a question of ‘if’ you’re going to be attacked, but rather ‘when’, here’s something for decision-makers and board members to be aware of.
Let’s take a concrete example: the Centre Hospitalier de Dax, which suffered an attack in 2022.
- The estimated cost of the cyberattack is €2.3 million;
- For this establishment, which has 4,000 endpoints, the budget for a managed EDR averages 180k;
- Based on this calculation, it would take more than 10 years for the cost of EDR + service to exceed the cost of the attack!
As this case study shows, the financial impact of a cyber attack is far greater than the cost of implementing an EDR project. Implementing a strategy to acquire EDR detection technology and the monitoring services associated with a SOC is a key factor in reducing financial risks.
Implementing EDR technology also provides an immediate return on investment. Indeed, an EDR or XDR managed within a SOC may be required by insurers when applying for cyber insurance.
Last but not least, the diversity of technology and services on offer gives customers the opportunity to compare and compete, enabling them to choose the solution that best suits their budget and specific needs.
In a nutshell: how EDR can help you deal with cyber threats
- The economic impact of an attack is real, and EDR can help you save money.
- Protecting data and expertise means protecting an entire organization – and a sovereign solution that hosts data in Europe!
- A cyber attack has an impact not only on business and sales, but also on customers, users and investors. Reputations can be permanently damaged if a service is unavailable or data stolen. EDR contributes to preserving an organization’s reputation, and the confidence of its stakeholders.
- More and more insurance companies are asking organizations to be equipped with tools, and in particular EDR, to cover certain cyber risks. Some are even offering reduced rates! With EDR, you can also optimize costs in this area.
To find out more:
listen to “Testimonials from cyberattacks: they’ve been through the worst”;
and read: “How the city of Caen escaped the worst thanks to HarfangLab’s EDR”.
And once equipped with EDR, why is the role of the human still central?
In this article, we explain why expert analysis is still essential for investigation.
This article was written with the help of Sarah Salis, whom I’d like to thank warmly!