Too often, organisations fall into the trap of thinking that cyber security is only about preventing data breaches. Their budget is dedicated to anti-malware software, firewalls, staff awareness training and a host of other tools designed to prevent sensitive information falling into the wrong people’s hands.
But what happens when those defences fail? It’s a question all organisations must ask themselves, because even the most resilient systems can be compromised.
You can’t assume that an employee who has taken a training course will never make a mistake, or that a trusted third party won’t have a misconfigured database. Data breaches can happen to anyone, and you need a plan for when disaster strikes.
Your ability to detect a breach promptly and respond appropriately will make a huge difference to the costs you incur and the disruption you face.
A Ponemon Institute report found that organisations that can contain a breach within 30 days save more than $1 million (about £720,000) compared to those who take longer.
Despite this, few organisations invest in breach detection tools. In fact, not only do they struggle to spot a security incident within 30 days, they struggle to do so within six months.
According to Ponemon Institute, it takes organisations 187 days on average to detect a data breach, during which time the damage will continue to rise.
So what tools can you use to discover breaches sooner? Here are three to help you get started.
1. Provisions for remote working
Lockdown may be easing in the UK, but people aren’t rushing back in the office. Remote working will be a permanent part of our lives, with a Gartner survey reporting that 82% of organisations will let employees work from home at least one day a week.
It’s not simply a case of employees not having access to the same physical and network security that’s provided in the office, though.
There’s also the risk of them using personal devices that aren’t connected to the organisation’s network – or not securing or disposing of physical files with the same vigilance they would apply in the office.
Without the oversight that would apply in the workplace, it’s difficult for organisations to identify when they’ve been breached, because the damage occurs outside their systems.
For organisations to have any chance of detecting security incidents, they must ensure that as much work as possible is happening in an environment their security team can observe.
To do that, they must develop a remote working policy containing guidelines to manage risks. It may include requirements on removable devices, storing hard copies of data at home and network security, for example.
If you find yourself facing a cyber security disaster, IT Governance is here to help. Our Cyber Incident Response service provides the help you need to deal with the threat, as our experts guide you through the recovery process.
They’ll review the breach, mitigate the damage and ensure that you are up and running again as soon as possible.
2. Patch management
One of the most common security mistakes that organisations make is failing to patch software. In fact, this simple error is responsible for as many as 60% of data breaches.
Why is this such a big problem? Many updates address security weaknesses, so not applying them leaves publicly known vulnerabilities that cyber criminals can easily exploit.
Even worse, attackers in most cases can exfiltrate the organisation’s data without raising an alarm. The incident may therefore only be revealed months or even years later when the information is discovered on the dark web or when customers start reporting suspicious activity.
However, organisations can avoid this by developing a patch management policy. This ensures that the organisation is aware when updates are released and that they are applied.
If for some reason software isn’t updated, you will be able to quickly identify this and review whether anyone exploited the vulnerability.
3. System monitoring
There are several inexpensive tools you can use to detect suspicious activity on your organisation’s networks.
This includes attempts to access privileged information (whether from an employee or external actor), login attempts from unusual locations and unusual activity related to the way information was viewed.
Monitoring this information gives you a head start when it comes to active or attempted system compromises.
You can use the information gathered from monitoring to shore up vulnerabilities and, if a breach has occurred, to quickly stem the damage and move promptly into the remediation process.
One solution that organisations may find particularly helpful is BreachTrak™. This service, offered by our sister company DQM GRC, provides breach monitoring support, enabling organisations to keep an eye on their data and discover unusual activity.
You won’t need to worry about your ability to spot a data breach as we’ll alert you whenever an unauthorised individual uses your sensitive data.