How to detect a data breach

The need for speed

Data breaches can have serious financial consequences for organisations of all sizes. The faster a breach can be detected and contained, the lower the costs for the organisation. Having systems in place to help identify and contain breaches promptly should be a priority for all management teams.

With criminal hackers and malicious insiders causing the majority of data breaches, organisations need to strengthen their security posture and carefully consider all of their internal and external vulnerabilities.

Data breaches can be difficult to identify, because many attacks are designed to be stealthy, hiding and dwelling within systems for long periods of time. Organisations should put in place a threat-hunting strategy, perform regular sweeps and checks of their online environments, and continuously monitor for abnormal network activity.

Organisations must also deploy modern breach detection tools, and keep as up to date as possible with the constantly evolving threat landscape. Many organisations find it prudent to outsource at least some of their cyber security requirements, as it gives them access to current, specialist expertise.

Main causes of data breaches

According to Ponemon Institute’s 2018 Cost of a Data Breach Study, almost half of all data breaches are the result of a malicious or criminal attack, just over a quarter result from human error and a quarter result from a system glitch.

With so many data breaches caused by human error, it is not only external attacks that organisations need to consider. Implementing regular information security staff awareness training will remind employees to be vigilant, thereby reducing the likelihood of data breaches caused by staff slip-ups.

Common causes 

External threats:

  • Cyber criminals (including ransomware, malware and phishing attacks).
  • Suppliers that do not follow cyber security good practice (breaches may occur through accidental or deliberate actions).
  • Disgruntled ex-employees (leaking or stealing data).

Insider threats:

  • Employees who are untrained in cyber security good practice.
  • Careless employees who disregard cyber security good practice (leaving laptops on trains, sending bulk emails with all recipients visible).
  • Disgruntled or malicious employees (leaking or stealing data).

Cyber security is the responsibility of everyone, not just security professionals. With an evolving assortment of external and insider threats always on the horizon, organisations need to have in place a vigorous data security strategy, and identify and address their internal and external vulnerabilities.

Are you prepared?

The more you prepare your organisation for a breach, the smaller its impact, should one occur. Our new, free #BreachReady quiz will let you know how prepared your organisation is, as well as giving you a personalised summary of how you can improve your breach readiness.
