The 5 most common causes of data breaches

The longer it takes an organisation to respond to a data breach, the worse the damage will be. Undetected breaches give cyber criminals more time to exfiltrate information, and every extra day gives them more data and more opportunities to cause damage.

But how long should it take an organisation to identify and address an incident? 

According to the 2021 Cost of a Data Breach Study, it’s 30 days. For incidents that are dealt with within this timeframe, organisations spend $1 million (about £930,000) less on average compared to those that took longer.

Unfortunately, the study found that not only do organisations struggle to address a security incident within 30 days, but many are unable to do so within six months.

In fact, according to the researchers, organisations take 187 days on average to detect a data breach, during which time the damage will escalate.

How can organisations get better at spotting data breaches? The best place to start is by understanding the most likely ways that a security incident will occur.

In this blog, we explain five of the most common causes of data breaches and provide advice on how to identify them.

1. Weak and stolen credentials 

Stolen passwords are one of the simplest and most common causes of data breaches. Far too many people rely on predictable phrases like ‘Password1’ and ‘123456’, which means cyber criminals don’t even need to break a sweat to gain access to sensitive information.

Even moderately secure passwords can be cracked with the help of computer programs that run through millions of the most popular passwords, so you need to think hard to create something original whenever you choose a password.

You’re also vulnerable if you leave your password written down or use the same phrase for multiple accounts. 
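As an added illustration (not from the original post), here is a defender-side check in Python that mirrors what the cracking tools described above do: it reduces a candidate password to the dictionary word it was built from and compares it with a blocklist of popular passwords, and it flags passwords reused across accounts. The blocklist, the 12-character minimum and the sample credentials are constructed assumptions.

```python
import re

# Constructed sample blocklist. In practice this would be the millions of
# most popular leaked passwords that cracking tools try first.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "admin"}

# Substitutions that cracking wordlists apply automatically, reversed here.
LEET_MAP = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e", "$": "s", "5": "s"})

# Assumed policy minimum; adjust to your own password policy.
MIN_LENGTH = 12


def normalise(password: str) -> str:
    """Reduce a password to the dictionary word a cracker would start from:
    lower-case it, strip leading/trailing digits and symbols, undo leet-speak."""
    core = password.lower()
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", core)  # "Password1" -> "password"
    return core.translate(LEET_MAP)                # "p@ssw0rd" -> "password"


def check_password(password: str, blocklist=COMMON_PASSWORDS) -> list[str]:
    """Return the reasons a password fails policy; an empty list means it passes."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in blocklist or normalise(password) in blocklist:
        reasons.append("variant of a common password")
    return reasons


def find_reused(credentials: dict[str, str]) -> dict[str, list[str]]:
    """Given account -> password (e.g. exported from a password-manager audit),
    return each password that is shared by more than one account."""
    by_password: dict[str, list[str]] = {}
    for account, password in credentials.items():
        by_password.setdefault(password, []).append(account)
    return {pw: accts for pw, accts in by_password.items() if len(accts) > 1}


if __name__ == "__main__":
    for pw in ["Password1", "P@ssw0rd!", "123456", "correct horse battery staple"]:
        print(pw, "->", check_password(pw) or "ok")
    # Constructed sample: one password reused across two accounts.
    sample = {"email": "P@ssw0rd!", "vpn": "P@ssw0rd!", "crm": "correct horse battery staple"}
    print(find_reused(sample))
```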

2. Application vulnerabilities 

All software has technical vulnerabilities that crooks can exploit in countless ways. That’s why the organisations that maintain those programs routinely look for and address vulnerabilities before criminals discover them.

Any time a vulnerability is fixed, the software provider releases a patch, which needs to be applied by the organisations that use the program. This must be done promptly, because crooks – now alerted to the vulnerability – will be actively looking for organisations that are still exposed to the threat. 

Download our free guide: Cyber Security 101

You can find more tips on how to protect your organisation from data breaches by reading Cyber Security 101: A guide for SMEs.

It contains essential tips on the steps your organisation should take when developing a cyber security strategy, giving you the power to implement effective, affordable cyber security measures.

3. Malware 

Malware is a perfect example of just how simple cyber crime can be. Crooks purchase a piece of malicious software, find a system that contains a known vulnerability, plant the malware and scoop up the rewards. 

What those rewards are depends on the type of malware. It could be anything from a keylogger, which tracks what a user types into a machine, to ransomware, which locks a system and demands payment for the user to regain access. 

4. Malicious insiders 

Many of your employees will have access to sensitive information, and there’s always a chance that someone will try to misuse it. That sounds cynical, but unfortunately the lure of financial gain from selling data on the dark web is too great for many. 

Employees are also more likely to misuse sensitive information if they are disgruntled at work or have left the organisation on poor terms and still have access to its systems.

5. Insider error 

Employees don’t have to act maliciously to commit a data breach. They might simply make a mistake, such as including the wrong person in the Cc field of an email, attaching the wrong document or losing a laptop. 

Secure your organisation with penetration testing

One of the most effective ways to protect your organisation from data breaches is with penetration testing.

This is essentially a controlled form of cyber attack performed by an ethical hacker. The goal is to discover security weaknesses that a criminal hacker could exploit for malicious purposes.

Penetration testers use the same methods as criminal hackers, replicating their approach as closely as possible.

By doing so, organisations can see their systems in the same way as an attacker would – identifying not only vulnerabilities but the ways in which they are leveraged and the information that could be exposed.

Penetration testing comes in a variety of forms, with each type of test designed to identify specific weaknesses. You can, for example, conduct a penetration test to spot application vulnerabilities or identify employees who are liable to compromise sensitive information.

Tests can also be carried out to detect inadequate or improper configurations, to probe hardware or software flaws and to spot operational weaknesses.

You can find out more about penetration testing on our website. IT Governance is a CREST-accredited provider of penetration tests, and we have a variety of fixed-price testing packages that are suitable for any organisation.
