Data breaches are increasingly common, and organizations across the globe continue to wake up to the reality that it’s a question of when, not if, they will fall victim. In a 2020 report on cyber security breaches, the UK government revealed that nearly half (46%) of businesses had experienced a breach between Q2 2019 and Q2 2020. Of those affected, almost a third (32%) reported facing breach attempts at least once a week.
In line with these findings, IBM’s 2020 Cost of a Data Breach Report puts the average cost of a breach at USD 3.86 million, with healthcare the costliest industry (average cost of USD 7.13 million) and the time to detect and contain a breach averaging 280 days.
In response to the rise in breaches, regulations such as the European Union’s General Data Protection Regulation (GDPR), and the bodies that enforce them, have been introduced in recent years to ensure organizations maintain a certain standard in the control and protection of their data, and are therefore prepared to detect and mitigate breaches more efficiently. Failing to meet these standards can mean sizable fines for the victim organization, a measure the regulators hope will encourage businesses to do all they can to remain secure.
Steps to take in the wake of a breach
A successful breach against an organization doesn’t mean lights out, and there is still much a SOC team can do to limit financial losses and reputational damage:
- Assess the fallout: Once a breach has been discovered, it is vital to identify its reach and its impact on critical infrastructure. In doing so, security teams begin to understand the vulnerabilities that allowed it to happen, the intruder’s motivations, and the tools that were used.
- Control the damage: Once the initial damage has been done, the next step is to stop it spreading. This means taking containment steps to ensure the attack does not move across the organization, such as re-routing network traffic or isolating the compromised network.
- Keep an account: The SOC team should log every step taken in response to the breach, including any changes made to the affected systems and the extent of the damage at each stage of the process.
- Alert compromised customers: While it can be difficult to admit to customers that their information is at risk, doing so promptly can mean the difference between them remaining secure and being compromised as a result of your breach. Alerting customers of a breach should only be delayed if an enforcement agency is involved and notification would compromise the investigation.
- Alert law enforcement: As well as alerting customers, law enforcement agencies, such as the Federal Bureau of Investigation (FBI) in the US or the UK’s Information Commissioner’s Office (ICO), should be alerted immediately. Doing so gives them the best possible chance to assist in combating the incident.
Each of these steps can help reduce the fallout of a breach after the fact, but real mitigation means taking proactive steps to bolster security measures before a breach occurs.
Mitigating a breach before it ever happens
Organizations that are aware of what a future breach could cost them and are ready to take the steps to avoid that scenario should invest in technologies designed to detect and mitigate potential future attacks, ideally in (or as close as possible to) real-time.
Blueliv’s Threat Compass is one such solution. It is available immediately to help organizations proactively prevent, detect, and remediate data breaches, and can be pivotal in reducing the cost of a breach, mitigating its fallout, or preventing a breach altogether. Threat Compass comprises several key tools to give your organization the best possible chance of avoiding data breaches and to prepare it to radically reduce the damage should a successful attack take place. These include:
Precise threat intelligence
Threat intelligence is integral to understanding threat actors, CVEs, campaign patterns, and currently favoured TTPs. It paints a picture of the evolving threat landscape facing organizations and enables effective threat hunting within an organization. By understanding the threats out there, and the characteristics of those behind them, SOC teams can anticipate and train for specific attacks, build a precise understanding of the most common and dangerous attacks they are likely to face, and prepare accordingly. In the wake of a successful breach, threat intelligence can provide invaluable insight into exactly what went wrong while offering the intel needed for swift remediation.
Stolen credential protection
Now, more than ever, your organization’s credentials are at risk: remote working is at an all-time high, security perimeters are stretched thin, and the average employee is reusing the same login information across multiple sites and platforms. Criminals are aware of this, with 81% of breaches now being the result of stolen credentials, as they fine-tune the art of stealing and monetizing passwords for later use in infiltration or ransomware deployment. Blueliv’s Credentials Module is the antidote to stolen credentials, providing SOC teams with actionable intelligence about their leaked credentials and the ability to intercept this information as it moves from malware-infected users to crimeservers, ensuring a proactive defence for your organization.
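To make “actionable intelligence about leaked credentials” concrete, here is an added example (not Blueliv’s code or the Credentials Module) that triages a constructed leak feed: it keeps only records for the organization’s own domain (assumed here to be example.com), stores a truncated hash instead of the plaintext, and flags accounts whose password appears in more than one source, which is the reuse pattern the paragraph describes.

```python
"""Triage leaked-credential records for one organisation.

Added example with constructed data; ORG_DOMAIN and the record layout
(email, password, source, observed ISO date) are assumptions, not a real feed.
"""
from collections import defaultdict
import hashlib

ORG_DOMAIN = "example.com"  # assumption: the organisation's mail domain

# Constructed records, as a credential-monitoring feed might deliver them.
LEAKED = [
    ("alice@example.com", "Winter2020!", "forum-dump-a", "2020-11-03"),
    ("alice@example.com", "Winter2020!", "stealer-log-x", "2021-01-12"),
    ("bob@example.com", "hunter2", "forum-dump-a", "2020-11-03"),
    ("carol@partner.org", "pw", "forum-dump-b", "2020-12-01"),
    ("ALICE@Example.com", "OldPass1", "forum-dump-b", "2019-05-20"),
]


def fingerprint(password):
    """Truncated SHA-256 so the report never carries the plaintext."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:12]


def triage(records, org_domain=ORG_DOMAIN):
    """Group exposures per corporate account and flag cross-source reuse."""
    per_user = defaultdict(list)
    for email, password, source, seen in records:
        email = email.strip().lower()          # normalise before matching
        if email.rpartition("@")[2] != org_domain:
            continue                            # not one of our accounts
        per_user[email].append((fingerprint(password), source, seen))

    report = {}
    for email, hits in per_user.items():
        sources_by_pw = defaultdict(set)
        for fp, source, _ in hits:
            sources_by_pw[fp].add(source)
        # Same password in several leaks => the user reuses it; reset first.
        reused = sorted(fp for fp, srcs in sources_by_pw.items() if len(srcs) > 1)
        report[email] = {
            "exposures": len(hits),
            "distinct_passwords": len(sources_by_pw),
            "reused_across_sources": reused,
            "latest_seen": max(seen for _, _, seen in hits),  # ISO dates sort
            "priority": "high" if reused else "medium",
        }
    return report
```

Running `triage(LEAKED)` yields two corporate accounts: alice is high priority (one password seen in two sources, three exposures in total) and bob is medium; the partner.org record is ignored.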
Until 28th February 2021, Blueliv is offering a free month of the Credentials Module to help businesses rise to the challenge of credential theft. Find out more about the limited offer and sign up here.
Proactive threat monitoring
Proactive threat monitoring helps organizations identify the external risks facing them in real time, allowing them not only to see threats before they arrive but also to ensure their security perimeter is adequately robust, making the organization less appealing to would-be attackers. After all, when faced with a choice, attackers will always opt for the weakest perimeter.
In the case of a breach, it is important that victim organizations are able to prevent fraudulent use of their stolen data. Threat intelligence gathered from underground criminal communities, especially when correlated with information from the surface web, gives organizations insight into the motivations, methods, and tactics of threat actors that would otherwise be unavailable. It can be used to prevent payment fraud and the sharing of stolen credentials, and to track up-to-date typosquatting domains used by criminals looking to leverage stolen data to impersonate your brand and wreak further havoc.
Threat intelligence can also help organizations ensure they continue to comply with legal and regulatory requirements, such as the GDPR mentioned at the beginning of this blog, whether that means evaluating their processing capabilities or adhering to a specific risk-based approach to their security practices, as is the case with the EU’s NIS Directive.
Blueliv can help modern businesses reduce the chance of data breaches ever occurring, and drastically mitigate their effects and costs if one does. If you already fear your data has been exposed, our Threat Compass solution can help you identify, intercept and validate it across the web, swiftly tracking down user credentials, documents, intellectual property, customer information, or other sensitive data.
We search far and wide to secure your data, scanning dark web forums and engaging with threat actors to purchase data samples on your behalf.
Reach out to our team if you want us to help you find your data post-breach, or if you’re ready to put security measures in place to safeguard your data.