When organisations suffer a cyber security breach, the costs and impacts can be significant, and some never recover from the damage caused. The raw costs of that breach could be upwards of $400,000, and that doesn’t factor in reputational damage or other intangibles. At the extreme end, when Equifax suffered a data breach two years ago, it resulted in a class action settlement of US$425m, on top of US$1.4b in related costs and the early retirements of its CEO, CIO and CSO.
Detecting a Data Breach
A number of studies have found that it takes an organisation on average 196 days from the data breach occurring to its discovery. Effectively that means it could be six months between your critical data walking out the door and you realising that it has gone.
In fact, this delay in detection allows breaches to come in waves. The first attack typically accesses and steals key data; the second uses the organisation’s computing resources to mine cryptocurrency or as a base from which to launch other attacks; and in the third wave, ransomware is deployed to take down your systems or encrypt your data. A different criminal party might be involved in each of these waves, with the system exploit information on-sold each time.
Finding Your Security Balance
We are in a world where organisations have been moved off their “security balance” as a result of:
- constantly evolving and escalating cyber threats
- updated regulatory requirements
- digital transformation
- the move to cloud-based ‘as a service’ technology models, and
- continued consolidation and mergers in the vendor community.
This has made the threat of breach very real, so it’s important to take a risk-based approach to cyber security that factors in technology, people and process.
A Risk-Based Approach to Cyber Security
We’ve found from NIST SP 800-53 assessments (security testing to US Department of Defence standards) that businesses, as a rule, are OK with identification, protection and recovery from cyber attacks, but there is a consistent shortfall in areas of detection and response. To address this gap, organisations need to shift their thinking from the security problem to the solution.
The reality is, it is near impossible to detect and respond to every threat, so it’s important that you start by prioritising high value assets and identifying the most likely security risks and scenarios in the context of your specific industry and your own environment.
In this way, companies can make better-informed investment decisions that are aligned to the business, by understanding the likelihood and impact of potential attacks and the range of methods attackers are likely to use. And by telling the story of specific use cases and breaches in plain English, these risks can be better understood across the organisation, driving better user behaviour and a stronger security culture.
It is important that organisations track their maturity in continuous monitoring and their improvement in risk status, using a scientific, data-driven set of metrics to demonstrate progress.
In our next post, ‘A Framework for Continuous Cyber Security Improvement’, we will look at the benefits of establishing a cyber security framework and of assessing and managing the lifecycle of vulnerabilities rather than taking a point-in-time approach.
In the meantime, if you’d like to learn more about improving the time between initial breach and detection, we’re here to help. Simply provide your contact details here and we’ll have an Interactive Security Expert get in touch.
