The Value of Managed Detection and Response

In 2024, the global average cost of a data breach was $4.88 million per company, according to IBM. This year, the global cost of cybercrime was projected to hit $10.5 trillion, 15% year-over-year growth. Companies that use security AI and automation as part of their preventive measures save an average of $2.2 million per breach. The highest cost incurred? Breaches of data stored in public clouds ($5.17 million). The percentage of data breaches involving data stored in multiple environments? 40%.

In other words, cybercrime remains highly lucrative for nefarious actors and extremely costly for businesses and organizations that fall victim to these breaches.

Understanding the threat landscape

Your data is a target. Cybercriminals actively try to steal money, damage your reputation, commit espionage, or achieve other harmful goals. These bad actors exploit technical weaknesses and environmental factors, creating a constant stream of threats that significantly increase the chance of exposing an organization’s confidential information, resulting in a data breach.

Today’s hackers still rely on established tactics, but they’re enhancing their approaches with technological advancements to amplify the damage, volume, and impact of familiar threats. Artificial intelligence (AI) has made it easier for cybercriminals to deceive users and bypass security defenses. AI-powered threats, including social engineering, phishing, deepfakes, and adversarial attacks, are hard to detect and mitigate.

Many companies have system vulnerabilities that cybercriminals can find and use as the first step in causing a data breach. Zero-day exploits pose a significant risk. Bad actors exploit an unknown or unaddressed security flaw to launch a zero-day attack, enabling them to install malware, steal data, or compromise your organization’s systems and data.

Enter MDR, a robust cybersecurity solution

Managed Detection and Response (MDR) is a cybersecurity service that combines cutting-edge technology with human expertise to provide around-the-clock monitoring, threat hunting, and incident response capabilities. It doesn’t simply generate alerts. MDR actively investigates and addresses the threats. While essential for bigger companies, it’s just as important for smaller organizations.

  • Proactive threat detection: MDR providers proactively search for threats and vulnerabilities that might evade traditional defenses, stopping attacks before they can cause significant damage.
  • Faster response times: MDR’s 24/7 monitoring and rapid incident response capabilities significantly reduce the time it takes to contain and remediate security incidents, which minimizes potential downtime and damage.
  • Access to cybersecurity expertise: MDR bridges the gap in cybersecurity talent by providing access to highly skilled analysts, eliminating the need for companies to hire their own experts.
  • Reduced burden on internal teams: MDR offloads the responsibility of continuous security monitoring and response, empowering internal IT teams to focus on other strategic initiatives.
  • Cost-effectiveness: MDR provides enterprise-grade security at a fraction of the cost of building and maintaining an in-house Security Operations Center (SOC).
  • Improved compliance: MDR services can help organizations meet complex regulatory requirements by customizing threat detection and response solutions to align with industry standards and regulations.
  • Enhanced security posture: MDR helps improve an organization’s overall security position by identifying and eliminating vulnerabilities and continuously adapting defenses in response to an evolving threat landscape.

Key features of MDR

MDR works similarly for any business, combining advanced technology with human expertise to provide comprehensive, proactive, and cost-effective cybersecurity protection, regardless of the company’s size. Here are two potential use cases.

Healthcare organizations

24/7 continuous monitoring and threat detection: Constant surveillance of networks, endpoints, and cloud environments to identify suspicious activity affecting electronic health records (EHR), clinical systems, and medical devices (including IoT devices such as smart infusion pumps and ventilators). MDR services use AI-driven analytics, behavioral analysis, and threat intelligence to detect and analyze threats in real time.

Proactive threat hunting: Dedicated security analysts actively search for hidden and sophisticated threats targeting healthcare environments. They will look for ransomware, insider threats, and vulnerabilities within medical devices and third-party integrations.

Rapid incident response and remediation: Swift action to contain and neutralize threats, isolating infected devices, blocking malicious traffic, and preventing malware spread. MDR teams prioritize minimal disruption to patient care during incident response and recovery.

Compliance and regulatory support: MDR services help healthcare organizations meet strict regulations, like HIPAA and GDPR, by implementing security measures, providing audit support, and generating incident reports.

Security posture optimization: Regularly assess and enhance security measures, identify vulnerabilities in medical devices and software, and implement continuous improvement plans to strengthen defenses.

The Synnovis cyberattack

In June 2024, Synnovis, a diagnostics provider working with major London hospitals, became the victim of a ransomware attack that crippled its lab services, causing significant delays in patient diagnostics and disrupting medical procedures.

A cascade of operational challenges marked the immediate aftermath. Hospitals faced severe limitations in processing blood tests, leading to the cancellation of thousands of outpatient appointments and hundreds of inpatient procedures, including vital cancer treatments and surgeries. The attack also caused a critical blood shortage in the affected areas, as the inability to properly type and cross-match blood forced hospitals to rely on universal O-negative blood.

Despite efforts to restore operations, the attack resulted in prolonged downtime and raised serious concerns about the continuity of patient care. Investigations linked the Synnovis cyberattack to at least one patient death and nearly 600 reported patient safety incidents. The financial impact was also substantial, with the company reporting estimated losses exceeding £32 million. The incident also highlighted vulnerabilities within the broader healthcare ecosystem, particularly the risk posed by third-party vendors and the potential for missing multifactor authentication to serve as an entry point for sophisticated threat actors like the Qilin ransomware group, which claimed responsibility for the attack.

Financial institutions

Continuous monitoring and advanced threat detection: 24/7 monitoring of networks, applications, databases, and customer-facing platforms (internet banking, mobile apps) to identify fraud, data breaches, and insider threats. MDR leverages advanced techniques like behavioral analytics, AI, and machine learning to detect anomalies in financial transactions and user behavior.

Proactive threat hunting: Experts proactively sweep for sophisticated threats, including business email compromise (BEC), ransomware, and nation-state-sponsored attacks targeting critical financial infrastructure.

Rapid incident response and mitigation: Immediate containment and eradication of threats to minimize financial losses and disruption of banking services.

Regulatory compliance support: Assistance in meeting regulations like PCI DSS and GDPR through continuous monitoring, reporting, and incident management.

Fraud detection and prevention: Specialized detection capabilities to identify and prevent various types of financial fraud, including wire transfer fraud, account takeover, and credit card fraud.

Third-party risk management: Evaluate and manage the security risks associated with third-party vendors and financial partners who have access to sensitive financial data.

MDR saves Midwest Credit Union

In October 2022, Michigan-based Midwest Credit Union, which manages $140 million in assets, faced a direct phishing attack. Its MDR service successfully intercepted and neutralized the threat, preventing what could have been a devastating breach. An employee inadvertently opened a phishing email, but the MDR service detected and contained the threat, preventing the attack from spreading and protecting the credit union's sensitive data.

Choosing the right MDR service

Navigating cybersecurity is a complex business, especially when it’s not your specialty. When it’s time to hire an MDR service, consider:

  • Identifying your current pain points: Are you overwhelmed by alerts? Do you lack in-house security expertise or 24/7 monitoring capabilities? Are you struggling with compliance?
  • Assessing your existing security tools: What technology do you have in place now (e.g., firewalls, endpoint protection, SIEM)? A good MDR provider should integrate seamlessly with your existing infrastructure.
  • Determining your critical assets: What data, systems, and applications are most vital to your operations? Knowing this information helps an MDR provider tailor their service to protect what matters most.
  • Outlining your specific security goals: Do you want faster incident response, better threat detection, or improved compliance?

Ready to take that step? Consider talking to Scott Kuperman, TeamLogic IT director and CREA United member. If you’re a commercial real estate investor or looking for a specific property to meet your company’s needs, we invite you to speak with the professionals at CREA United. This organization includes CRE professionals from over 90 firms representing all disciplines within the CRE industry, including brokers, subcontractors, financial services, security systems, interior designers, architects, movers, IT specialists, and more.
