How can a company minimise the impact of a data breach?
7 December 2021 | 0
In association with CyberHive
Data breach – the words that strike fear into any IT team. But the reality is, they happen constantly across the globe, and around 60% of global CISOs agree that human error is the biggest cyber vulnerability in 2021.
Some of us may not know how or what technically causes a data breach, but we maybe more familiar with the chaotic results of a breach – the loss and unapproved access to confidential information or funds. Furthermore, we are talking about the data not only owned by you, but also anyone else connected to you, is up for grabs to the threat actors.
The subsequent financial burden, fraud, disruption and damaged reputation are the lasting wounds left by a breach. It is troubling to think about, let alone experience.
Nonetheless, it’s easy to be dismissive about cyber safety, in the interest of ease and usability – have you ever delayed that system update, or used an easy password when you are in a rush?
The flippant ‘it will be fine’ mentality needs to change as the statistics on cybercrime are growing, with no signs of stopping. Even with a fifth of businesses wanting to invest further in cyber security professionals, whilst addressing the impact of remote working on company security, there is often a lack of understanding on where to begin.
The Irish Economic Crime Survey 2020 revealed the startling trends that are impacting Irish and global organisations – the most prevalent forms of economic crime are cybercrime, customer fraud and asset misappropriation. 69% of Irish respondents experienced cybercrime in the last 24 months. With 20% of those respondents not even sure just how much they had lost to economic crime. These findings are particularly alarming as Ireland is Europe’s largest data hosting cluster.
The Covid-19 pandemic has allowed fraud to become more proliferate, creating more targets from the thousands of remote working employees who are now communicating outside of their conventional office IT environment.
From ransomware, phishing, malware, to brute force and denial of service, there’s a variety of ways a breach can affect your business. In short, there isn’t one foolproof way of cyber resilience for companies, as there are so many different types of attacks. The list is growing and developing in scale and complexity, with cyber criminals showing no mercy when it comes to how and who they choose to attack.
Meta (Facebook) is one the largest social media platforms out there, spending $13 billion on cyber security in the last five years alone. But in April 2021 the personal data of 533 million users was exposed on a hacking forum, including phone numbers, past locations, names, and e-mail addresses. Even Meta with an almost trillion dollar market cap isn’t safe, and has experienced its share of data security issues.
More recently in November 2021, Web hosting company, GoDaddy discovered a massive data breach, that went undetected for two months. The breach not only affected their 1.2 million customers, but six other connected companies that resell GoDaddy hosting services.
There are so many other data breach horror stories out there, but it’s clear to see that the point here is that – it’s not a case of ‘if’ a data breach happens, it’s a case of ‘when’. So what do you do when you have a data breach? How can you minimise the damage?
Rapid detection is key. On average, it takes companies 287 days to detect and contain a data breach (IBM, 2021), a week longer than the prior year. That is well over nine months (sometimes longer) of unauthorised access to your system, of them snooping and ‘casing the joint’ before instigating an attack. Imagine how much information could be gathered in that time. But once they have infiltrated your network, you need to be protected and alerted to their presence.
Having full control and sight over a network is a huge benefit but you need to know what to look for in amongst the huge number of normal everyday legitimate events, sifting out just the abnormal or unusual actions, identified as threats.
A robust process of finding, ranking and addressing risks should be essential. Enhancing technology and monitoring is a great step, but this is just part of the answer. Do not underestimate how important it is to educate all employees on why they should remain vigilant, cyber aware, and also know what the consequences of data breaches are.
Employees should always be taking steps to safeguard not only themselves, but all the information they handle on a daily basis on behalf of the business, its partners, and customers.
Statistics have shown us that the human is the weakest link in cyber security, with human error the main factor in 95% of cyber attacks.
CyberHive concentrates on factoring out this human error risk. All of their solutions are underpinned by the segregation of duties, so no single error can cause a loss of data security.
CyberHive’s patented Trusted Cloud technology, developed with the University of Oxford, delivers real-time intrusion detection to protect critical infrastructure, before any damage is done. With the evolving digital landscape, more sophisticated challenges are just round the corner.