The longer a breach goes undetected, the more embarrassing it is for the organisation in question. Take Yahoo as an example: the company not only allowed criminals to steal three billion users’ records but also took nearly two years to identify and disclose the incident.
By the time Yahoo’s customers were told that their data had been lost, the criminals (later revealed to be Russian hackers) had already been given plenty of time to do whatever they wanted with the information.
On average, it takes organisations 191 days to detect a data breach, according to Ponemon Institute’s 2017 Cost of Data Breach Study. That is more than six months, and a breach that goes unnoticed for that long limits what organisations can do to mitigate the damage.
If a breach is spotted quickly, organisations can take control of the situation, setting up helplines and sending security emails to affected customers, who can in turn change their passwords, check for fraudulent bank transactions, sign up for a credit monitoring service or do whatever else is necessary.
To help organisations identify breaches sooner, breach detection platform provider Lastline lists seven tips:
- Bring in cyber security experts: It sounds obvious, but employing people who know what they’re doing is essential for effective cyber security. However, finding them can be hard, and it will only get harder, according to (ISC)². The organisation released a report in February 2017 claiming that the cyber security skills gap will grow to 1.8 million by 2022.
- Stay up to date: The cyber threat landscape is constantly evolving, so it’s important that your organisation evolves with it. This means making sure your employees and technology are up to date with new attack methods and the ways criminals exploit organisations.
- Use data breach detection tools: As well as maintaining systems, servers and applications, organisations need to have modern breach detection tools in place. Lastline writes: “Although security budgets have increased during the last few years, many organisations are still purchasing and deploying old technology. Unfortunately, these legacy products are no longer effective at preventing modern breaches.”
- Use global threat intelligence: According to The SANS State of Cyber Threat Intelligence Survey, organisations that use global cyber threat intelligence have faster and more accurate response times and are better equipped to identify, detect and prevent new threats.
- Monitor your organisation: To detect and investigate security incidents more effectively, security analysts need to be able to see the key indicators of compromise. This includes network-level telemetry, logs and events from underlying infrastructure, applications and security systems.
- Monitor attack campaigns: Conventional malware detection products only allow you to see point-in-time threats, generating notifications as individual events occur. This often means security analysts are left chasing an endless number of irrelevant alerts. Organisations that focus on attack campaigns, not just individual alerts, are able to spot breaches early.
- Provide regular staff awareness training: Negligence is often a huge factor when it comes to breaches. Organisations should provide all their employees with regular training on how to identify attacks and vulnerabilities, and what they should do next. Training should occur at least annually, or following any security incident.
Everyone in your organisation should be prepared
As the final tip shows, cyber security isn’t just the domain of security professionals. Staff are one of the leading causes of data breaches, whether they’re acting maliciously or not.
Our Information Security Staff Awareness E-Learning Course helps your employees understand their obligations to keep data secure, making your organisation much less susceptible to breaches.
This course uses clear, non-technical language, covering everything from password security and creating and maintaining backups to the threat of phishing and the importance of secure networks. It’s ideal for anyone in your organisation who handles data or uses the Internet as part of their job.