The longer a breach goes undetected, the more embarrassing it is for the organisation in question. But what’s a good target for identifying an incident?
According to Ponemon Institute’s 2018 Cost of a Data Breach Study, it’s 100 days. The average cost of an incident discovered within this timeframe was $5.99 million (about €5.3 million), but if it takes longer, the average rises to $8.7 million (about €7.7 million).
Common causes of data breaches
Data breaches are often very hard to prevent, but that’s not to say they’re difficult to anticipate. Almost all incidents are caused by one or more of the following:
Weak and stolen credentials
Stolen passwords are one of the simplest and most common causes of data breaches. Far too many people rely on predictable phrases like ‘Password1’ and ‘123456’, which means cyber criminals don’t even need to break a sweat to gain access to sensitive information.
Even moderately secure passwords can be cracked with the help of computer programs that run through millions of the most popular credentials, so you need to think hard to create something original whenever you choose a password. You’re also vulnerable if you leave your password written down or use the same phrase for multiple accounts.
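The two weaknesses described above (predictable passwords and the same password reused across accounts) are the kind of thing a defender can check for programmatically. The following is an added example and is not code from the original article; the common-password list and the account data are constructed for illustration, and the helper names are assumptions.

```python
"""Password-policy check (added example, constructed data).

Flags candidate passwords that are too short or appear in a common-password
list, and finds accounts that share the same password. Passwords are compared
by digest so the check could equally run over stored hashes rather than
plaintexts.
"""
import hashlib
from typing import Dict, List

# Constructed sample of a common-password list; real deployments use a far
# larger list drawn from published breach corpora.
COMMON_PASSWORDS = {"password1", "123456", "qwerty", "letmein", "welcome1"}
MIN_LENGTH = 12  # assumed policy minimum, not a value from the article


def normalise(password: str) -> str:
    """Strip whitespace and lower-case so 'Password1' matches 'password1'."""
    return password.strip().lower()


def check_password(candidate: str) -> List[str]:
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if normalise(candidate) in COMMON_PASSWORDS:
        problems.append("appears in common-password list")
    return problems


def find_reused(accounts: Dict[str, str]) -> Dict[str, List[str]]:
    """Group account names that share a password.

    Keys are SHA-256 digests of the password, values are the accounts using
    it; only groups with more than one account are returned.
    """
    by_digest: Dict[str, List[str]] = {}
    for account, password in accounts.items():
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        by_digest.setdefault(digest, []).append(account)
    return {d: names for d, names in by_digest.items() if len(names) > 1}


if __name__ == "__main__":
    for pw in ("Password1", "correct horse battery staple"):
        print(pw, "->", check_password(pw) or "ok")
    # Constructed account data for the reuse check.
    sample = {"alice": "Tr0ub4dor&3", "alice-vpn": "Tr0ub4dor&3", "bob": "unrelated-pass"}
    print(find_reused(sample))
```

The reuse check deliberately works on digests rather than plaintexts so it can be run against an existing credential store without exporting passwords; in a real deployment the list of common passwords would be much larger and the minimum length set by the organisation's own policy.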
All software has technical vulnerabilities that crooks can exploit in countless ways. That’s why the organisations that maintain those programs routinely look for and address vulnerabilities before they are discovered by criminals.
Any time a vulnerability is fixed, the software provider releases a patch, which needs to be applied by the organisations that use the program. This must be done promptly, because crooks – now alerted to the vulnerability – will be actively looking for organisations that are still exposed to the threat.
Malware is a perfect example of just how simple cyber crime can be. Crooks purchase a piece of malicious software, find a system that contains a known vulnerability, plant the malware and scoop up the rewards.
What those rewards are depends on the type of malware. It could be anything from a keylogger, which tracks what a user types into a machine, to ransomware, which locks a system and demands payment for the user to regain access.
Many of your employees will have access to sensitive information, and there’s always a chance that someone will try to misuse it. That sounds cynical, but unfortunately the lure of financial gain from selling data on the dark web is too great for many.
Employees are also more likely to misuse sensitive information if they are disgruntled at work or have left the organisation on poor terms and still have access to its systems.
Employees don’t have to act maliciously to commit a data breach. They might simply make a mistake, such as including the wrong person in the Cc field of an email, attaching the wrong document or losing a laptop.
How to detect a data breach
To help organisations identify breaches sooner, breach detection platform provider Lastline lists seven tips:
Bring in cyber security experts:
It sounds obvious, but employing people who know what they’re doing is essential for effective cyber security. However, finding them can be hard, and it will only get harder, according to (ISC)2. The organisation released a report in February 2017 claiming that the cyber security skills gap will grow to 1.8 million by 2022.
Stay up to date:
The cyber threat landscape is constantly evolving, so it’s important that your organisation evolves with it. This means making sure your employees and technology are up to date with new attack methods and the ways criminals exploit organisations.
Use data breach detection tools:
As well as maintaining systems, servers and applications, organisations need to have modern breach detection tools in place. Lastline writes: “Although security budgets have increased during the last few years, many organisations are still purchasing and deploying old technology. Unfortunately, these legacy products are no longer effective at preventing modern breaches.”
Use global threat intelligence:
According to The SANS State of Cyber Threat Intelligence Survey, organisations that use global cyber threat intelligence have faster and more accurate response times and are better equipped to identify, detect and prevent new threats.
Monitor your organisation:
To detect and investigate security incidents more effectively, security analysts need to be able to see the key indicators of compromise. This includes network-level telemetry, logs and events from underlying infrastructure, applications and security systems.
Monitor attack campaigns:
Conventional malware detection products only allow you to see point-in-time threats, generating notifications as individual events occur. This often means security analysts are left chasing an endless number of irrelevant alerts. Organisations that focus on attack campaigns, not just individual alerts, are able to spot breaches early.
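The two points above (bringing together telemetry from several sources, and looking at campaigns rather than isolated alerts) can be illustrated with a small correlation routine. This is an added example, not code from the article or from Lastline; the alert records, field names and the two-hour window are all constructed assumptions rather than any product's schema.

```python
"""Campaign-level alert correlation (added example, constructed data).

Individual alerts from different telemetry sources are grouped per host into
time-bounded clusters; a cluster is reported as a campaign only when it spans
several stages of an attack chain, so single isolated alerts do not reach the
analyst as separate noise.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample alerts from three sources (proxy, endpoint, netflow).
# Field names are assumptions for this example.
ALERTS: List[Dict[str, str]] = [
    {"ts": "2019-04-01T09:00:00", "source": "proxy",    "host": "ws-17", "stage": "phishing-link"},
    {"ts": "2019-04-01T09:03:00", "source": "endpoint", "host": "ws-17", "stage": "macro-exec"},
    {"ts": "2019-04-01T09:20:00", "source": "netflow",  "host": "ws-17", "stage": "c2-beacon"},
    {"ts": "2019-04-01T11:00:00", "source": "endpoint", "host": "ws-42", "stage": "macro-exec"},
    {"ts": "2019-04-03T09:00:00", "source": "proxy",    "host": "ws-17", "stage": "phishing-link"},
]

WINDOW = timedelta(hours=2)  # assumed maximum gap between alerts of one campaign
MIN_STAGES = 2               # distinct stages needed before a cluster counts


def parse(ts: str) -> datetime:
    return datetime.fromisoformat(ts)


def group_by_host_window(alerts: List[Dict[str, str]], window: timedelta = WINDOW):
    """Sort alerts per host by time and start a new cluster whenever the gap
    between consecutive alerts exceeds the window."""
    per_host: Dict[str, List[Dict[str, str]]] = defaultdict(list)
    # ISO-8601 timestamps sort correctly as strings.
    for alert in sorted(alerts, key=lambda a: (a["host"], a["ts"])):
        per_host[alert["host"]].append(alert)
    clusters = []
    for items in per_host.values():
        current = [items[0]]
        for prev, cur in zip(items, items[1:]):
            if parse(cur["ts"]) - parse(prev["ts"]) > window:
                clusters.append(current)
                current = []
            current.append(cur)
        clusters.append(current)
    return clusters


def find_campaigns(alerts: List[Dict[str, str]] = ALERTS, min_stages: int = MIN_STAGES):
    """Return only clusters that cover at least `min_stages` distinct stages,
    summarised with the sources that contributed to them."""
    campaigns = []
    for cluster in group_by_host_window(alerts):
        stages = sorted({a["stage"] for a in cluster})
        if len(stages) >= min_stages:
            campaigns.append({
                "host": cluster[0]["host"],
                "first_seen": cluster[0]["ts"],
                "last_seen": cluster[-1]["ts"],
                "stages": stages,
                "sources": sorted({a["source"] for a in cluster}),
            })
    return campaigns


if __name__ == "__main__":
    for campaign in find_campaigns():
        print(campaign)
```

On the constructed data only the ws-17 cluster on 1 April is reported, because it chains a proxy hit, an endpoint execution and a network beacon within the window; the lone macro-exec on ws-42 and the later phishing-link on ws-17 are single-stage events and stay out of the campaign view. Real deployments would key on more than host (user, source address, file hash) and tune the window to their own telemetry.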
Provide regular staff awareness training:
Negligence is often a huge factor when it comes to breaches. Organisations should provide all their employees with regular training on how to identify attacks and vulnerabilities, and what they should do next. Training should occur at least annually, or following any security incident.
Prevent breaches and comply with the GDPR
Avoiding data breaches not only helps you save money and protect your reputation but also ensures you avoid penalties under the GDPR (General Data Protection Regulation).
Fortunately, the GDPR acts as a guide as well as a punishment. By following its requirements, you can be sure that you’re doing everything you can to protect yourself from data breaches and avoid regulatory action.
Anyone looking for advice on how to ensure their organisation is implementing GDPR’s requirements correctly should consider our upcoming training courses. Depending on the level of advice you’re looking for, you might be interested in:
- Certified EU GDPR Foundation Training Course on 29 April and 27 May in Dublin.
- Certified EU GDPR Practitioner Training Course on 30 April–3 May and 28 May–31 May in Dublin.
- Certified EU GDPR Foundation and Practitioner Combination Course from 29 April.