In the current landscape of cybersecurity, most CISOs have come to understand that breaches are inevitable – however, with early detection and remediation, organisations can significantly reduce the harmful impacts of a breach, writes Karl Swannie, Founder of Echosec Systems.
By Karl Swannie, Founder, Echosec Systems
The success of data breach recovery depends on how quickly the compromise is found and remediated. Thanks to reports like IBM’s 2020 Cost of a Data Breach, we know that damage scales with the length of a breach lifecycle. In the cybersecurity world, days can mean millions.
So why does it still take businesses 280 days, on average, to find and contain a breach? And what can CISOs and IT Managers do to minimize this timeframe and—as a result—financial and reputational losses?
There are a number of reasons why compromise often takes so long to detect and address. For one, enterprise cybersecurity is notoriously underfunded. According to ISACA’s 2020 State of Cybersecurity Report, 60% of respondents claim that their cybersecurity budget is either somewhat or significantly underfinanced. Underfunded cybersecurity programs usually lack the security infrastructure, personnel, and training required to avoid attacks or respond effectively when a breach inevitably occurs.
Without security automation, organizations also sacrifice speed-to-information. According to IBM, fully deployed automation can reduce breach lifecycles by almost 25% compared to security systems with no automation. Attacks can fly under the radar if companies aren’t diligent about third-party compromise. And there’s the fact that, between nation-state actors, criminal groups, and the COVID-19 pandemic, attackers are becoming more sophisticated by the day.
We also know that early breach detection isn’t always about visibility into your internal systems and data feeds. Breach indicators are often first detectable on public online sources like deep and dark web forums, paste sites, and marketplaces where data is monetized or freely available. If you’re not including obscure online sources within your threat intelligence toolkit, you’re missing a potential opportunity to reduce detection and remediation time.
What’s At Stake: A Quick Recap
As a security professional, you’re probably well aware of the cost of late detection. According to IBM, enterprises with over 25,000 employees are looking at a breach price tag of $5.52M—but organizations can save an average of $1.12M if they shorten the breach lifecycle to under 200 days. This cost captures expenses related to crisis management, lost business, regulator communications, and victim response.
These numbers don’t include regulatory penalties for non-compliance. For example, under GDPR, breached organizations must report incidents within 72 hours or risk hefty fines in the millions. Businesses also risk potential lawsuits and the immeasurable cost of losing customer and stakeholder trust.
Early Detection & Remediation Strategies
How can you support earlier breach detection within your organization? The good news is that several solutions are within reach. Varonis suggests the following high-level strategies to minimize breach lifecycles:
- Invest more in comprehensive cybersecurity solutions, particularly those harnessing automation.
- Improve communications with executives and board members to factor cybersecurity concerns into org-wide budgeting and decision-making.
- Establish a dedicated cybersecurity and incident response team.
- Develop and routinely test a breach response plan so that you’re better prepared for remediation.
- Prioritize other cybersecurity best practices, such as limiting file permissions within the organization and educating employees about cybersecurity.
But that’s not all. We mentioned earlier that early breach indicators are often present on public online sources, such as the deep and dark web – sometimes even before a compromise is apparent on your systems.
Cybersecurity teams can avoid these blind spots by leveraging tools and data feeds that monitor a variety of hidden online spaces for mentions of the company or its sensitive assets, such as email addresses and other internal data. Improving data coverage isn’t the answer to early detection on its own, but it can go a long way to support a more proactive solution.
Many of these obscure data sources, which include unindexed chan boards, forums, and paste sites, are not crawled by commercial threat intelligence solutions—which is why it’s important to examine data coverage when evaluating new vendors. Relevant sources emerge quickly on the deep and dark web. Your cybersecurity analysts don’t have time to navigate these sources manually for potential risks, so let your software do the work for them.
Most CISOs understand that breaches are inevitable. But with early detection and remediation, organizations can significantly reduce fiscal damages, protect their data subjects and IP, and preserve their reputation.
As attack surfaces increase through digital transformation and workforces shift to working from home, early detection strategies are essential for business growth in 2021 and beyond.
About the Author
Karl Swannie is the Founder of Echosec Systems. Founded in 2013, Echosec Systems is an advanced digital threat intelligence technology provider that monitors data across mainstream social media, decentralized social networks, messaging apps and the dark web. Headquartered in Victoria, British Columbia, Echosec Systems has created a range of unique software solutions to provide organizations with an all-in-one toolkit to create an easy-to-understand, comprehensive picture of potential threats online, without the risk of drowning in data. Karl can be reached through LinkedIn and at Echosec.net.