Data breaches: Preventing and responding
It seems as though every day, there’s news of another data breach. As the threats of data breaches continue to evolve, organizations must prepare to respond. Best case scenario, organizations will take precautionary steps to prevent breaches whenever possible.
But why are data breaches such a prevalent threat to the modern enterprise? Claudette McGowan, Chief Executive Officer at Protexxa, explains, “We’ve seen this rush to digitize everything. As this world is changing and going from physical to digital, we’ve seen ourselves now not just working within the four walls of our organizations, but now working from remote locations on different devices. As a result, we’re seeing the attack surface is growing.”
The transition from physical spaces to digital spaces increases the attack surface, drawing the attention of malicious actors.
“As the attack surface broadens, it increases the opportunity for attack. This is very attractive to cyber criminals who are looking for ways to get into the system,” McGowan states. “As we move to cloud, as we move to interconnected systems, this is a dream for threat actors. They used to have to get through the firewall, but now they can get through the Wi-Fi at an employee’s home, the Wi-Fi at a local coffee shop, or somewhere else.”
Not only are malicious actors motivated by greater accessibility to an organization’s systems, but they are also encouraged by the potential for profitability.
“It’s just so lucrative,” McGowan says. “I’ve talked to threat actors before, and they’ve said things to me like, ‘Two hacks, and I’m able to support two generations of my family, because this is such a significant win. And what’s the ramifications if I get caught? What’s the punishment?’”
The ease of performing a data breach coupled with the perceived lack of consequences makes this a tempting avenue for cyber criminals. However, organizations impacted by a data breach cannot claim the same lack of consequences.
The ramifications of data breaches for organizations extend beyond lost or exposed data. McGowan describes potential repercussions, stating, “For many businesses, their main asset is trust. When organizations are breached, that trust is broken. That includes broken trust with the internal stakeholders, the external stakeholders and the general public. So, we certainly see the financial and reputational implications of being breached.”
McGowan asserts that trust isn’t only broken in the event of a data breach. It can also be broken if organizations do not adequately prepare for potential breaches.
Trust is the commodity. Trust is what we all want to secure, and the loss of it could cause irreparable harm to your brand, your image and your profitability.”
Claudette McGowan
Chief Executive Officer
Protexxa
“If you don’t put the controls in place to prevent or reduce the likelihood or the impacts of an attack, then trust can be lost,” she warns. “Trust is the commodity. Trust is what we all want to secure, and the loss of it could cause irreparable harm to your brand, your image and your profitability.”
Why are Organizations Failing at Data Breach Prevention and Response?
Many organizations are aware of the danger of data breaches and have taken measures to mitigate them. However, McGowan warns that several businesses’ prevention methods are falling short because visibility is lacking.
“Visibility is essential. If an organization doesn’t understand what they have, what the potential attack surface looks like, then they have a big problem,” McGowan explains. “The real time ability to look for threats, to look for that needle in a haystack, that is where many companies are failing. When I go into the company, one of the first things I ask them is, ‘Tell me about all your assets. Tell me about your inventory.’ And they’ll say, ‘Oh, the inventory is a mess.’ That’s how I know that their cybersecurity program is not working, because if they can’t see everything and they’re not tracking everything, then how can they be protecting everything?”
How to Respond to Data Breaches
In the event that a data breach occurs, how should organizations respond? McGowan recommends laying a foundational response plan.
“Number one thing is to have a plan and a playbook,” she says. “In the middle of an emergency situation, people need to know what to do. If you’re in a fire, you stop, drop and roll; you look for the exits. For data breaches, you have to have that same plan and playbook.”
Establishing a plan isn’t the only steps an organization should take to prepare for breaches. Security leaders should also help to facilitate company-wide readiness training. Once a plan is recorded and circulated to employees, security leaders must implement opportunities for practicing.
“Businesses need to exercise their preparedness plan,” McGowan states. “Make sure everyone understands their role. Who’s the incident commander? Who’s calling the shots? Many times, organizations spend a lot of precious moments figuring out who the incident commander is and how to contact them, and that’s time you don’t have to waste.”
For individuals more involved in the technical side of managing data breaches, McGowan extends an additional piece of advice: “The number one technical action you need to take is containment. Minimize the attack. Disconnect from systems, shut things down. That’s really, really important so that the forensic work can begin.”
How to Prevent Data Breaches
While organizations must be prepared to manage data breaches, most would agree the ideal scenario would be to never experience a breach at all. To minimize the chances of being subjected to a data breach, businesses should take preventative measures. McGowan discusses two key steps companies can take to block breach attempts.
“First, take regular audits. Do regular assessments. Check on how your systems are doing, check on how your people are doing,” she advises. “Second, work with a zero trust mindset. We need to verify everything. We need to authenticate everything. We need to monitor everything and make sure that before you offer access to the system, you’re making sure that you’ve done those extra checks. In technical terms, that’s things like turning on multifactor authentication.”
Remember the Human Element
Adopting security-oriented mindsets and deploying authentication checks are excellent tactics to combat data breaches. Nevertheless, McGowan advises companies to not forget the pivotal role of human management.
“Among the breaches you’ve heard about, a majority of them happen through a person,” McGowan points out. “A blind spot among many companies is not considering their people when securing their organization. While you can do a lot with the firewalls and with the endpoints and the network, don’t miss the human side of cyber, which is the people.”