#NSBCS.087 - Prevention is Cheaper Than Recovery: What IBM’s Latest Data Breach Report Tells Us

Source: NSB Cyber

 


Every year, IBM publishes its Cost of a Data Breach report, and every year, the message becomes clearer: prevention pays off. The 2025 report shows that while breach costs are slowly trending down globally, the average cost for Australian organisations is still sitting at USD 2.55 million. And for most businesses, recovery takes months. What really stands out this year is the role of AI. It's helping defenders react faster, but it's also giving threat actors new tools to scale their attacks. The takeaway? The best time to reduce the cost and chaos of a breach is before it happens.

So what can organisations do? IBM offers five clear recommendations:

  • Tighten access controls for both people and systems: Limit who can access sensitive systems and data. Make sure only the right people have access.

  • Secure your data, especially AI data: Understand where your sensitive data lives, and protect it with strong encryption and access controls. This is especially important if you're using AI tools that rely on or produce sensitive data.

  • Treat AI security and AI governance as one: Make sure your security, compliance, and business teams are working together to monitor how AI is used and prevent 'shadow AI', that is, unauthorised or unapproved tools slipping through.

  • Use AI to improve security, not just operations: You can use AI to detect threats earlier, automate responses, and reduce the load on your security team.

  • Build cyber resilience, not just defences: Assume that things will go wrong eventually. Test your incident response plans, know how you’ll recover quickly, and train your team so they’re ready if an incident occurs.

At NSB Cyber, this is something we’re passionate about. Our Resilience team works with clients to build the kind of cyber security foundations that help prevent breaches - not just respond to them. In our view, cyber resilience is all about building systems, habits and guardrails that make it harder for a breach to happen in the first place and take #NoStepsBackward.

Want to dive into the full report? Read IBM’s 2025 Cost of a Data Breach Report.


What we read this week

  • Microsoft's August 2025 Patch Tuesday Addresses 111 Vulnerabilities Including Kerberos Zero-Day - Microsoft has released its August 2025 Patch Tuesday updates, resolving 111 security flaws across Windows, Office, Exchange Server, and other products, with 16 rated critical for remote code execution risks. Key issues include CVE-2025-53779 (BadSuccessor), a zero-day in Windows Kerberos allowing unauthenticated attackers to escalate to domain admin privileges via delegated Managed Service Accounts, and CVE-2025-53786, enabling pivots from on-premises Exchange to cloud environments like Office 365. Additionally, flaws like CVE-2025-53766 in GDI+ and CVE-2025-53733 in Word pose high-severity threats without user interaction. With over 29,000 vulnerable Exchange servers exposed, organisations face potential full Active Directory compromise and data exfiltration. Administrators should prioritise immediate patching, manual configurations for Exchange fixes, and monitoring for exploitation attempts, especially as no active attacks on the zero-day are confirmed yet.

  • CISA Includes N-able N-central Flaws in Known Exploited Vulnerabilities Catalogue Due to Active Exploitation - The U.S. Cybersecurity and Infrastructure Security Agency has added two critical vulnerabilities in N-able N-central, CVE-2025-8875 (insecure deserialization) and CVE-2025-8876 (command injection), to its Known Exploited Vulnerabilities catalogue amid ongoing attacks since early August 2025. These flaws, scored CVSS 9.8 and 9.3, enable unauthenticated remote command execution on the remote monitoring and management platform used by MSPs, affecting Windows, macOS, and Linux endpoints. Exploitation could lead to unauthorised access, data breaches, and network compromise. N-able released patches on August 13, 2025, for versions 2025.3.1 and 2024.6 HF2. Organisations must update immediately, enforce multi-factor authentication, and limit external exposure to prevent further incidents.

  • Adobe Patch Tuesday Fixes 60 Vulnerabilities Across Multiple Products - Adobe's August 2025 security updates tackle 60 vulnerabilities in products like Commerce, Substance 3D, InDesign, FrameMaker, Dimension, and others, including critical remote code execution and privilege escalation flaws. No active exploitation has been reported, but the broad impact could allow attackers to compromise systems handling creative and e-commerce workflows. Users should apply patches promptly to mitigate risks of unauthorised access and data tampering.

  • Charon Ransomware Targets Middle East with APT-Style Tactics Linked to Chinese Threat Actors - Trend Micro researchers have detailed the Charon ransomware variant's deployment against Middle Eastern public sector and aviation entities since mid-2025, employing advanced persistent threat methods like DLL side-loading and evasion of endpoint defences. Potentially tied to China's Earth Baxia group, the attacks involve legitimate files for initial access, leading to encryption and data exfiltration. This highlights evolving ransomware sophistication, urging multi-layered defences, timely patching, and behavioural monitoring to detect such intrusions.

  • Fortinet and Ivanti Release August 2025 Patches for Critical Vulnerabilities - Fortinet has warned of CVE-2025-25256, a critical OS command injection flaw in FortiSIEM (CVSS 9.8) with public exploit code available, allowing unauthenticated code execution. Ivanti's updates address multiple issues in its products as part of the monthly cycle. Both emphasise risks of network compromise, recommending immediate upgrades, version migrations, and restricted access to vulnerable systems.

