That’s right: there was no way around it. You invested heavily in automated solutions, protected the endpoints against malware, shielded the network using a good firewall, and conducted security awareness campaigns for all your associates. Despite all that, your company was blindsided by leaked data (credentials, credit cards, sensitive information...) that belonged to your clients and/or employees. What now? What can you do?
First of all, it is crucial to emphasize that, unfortunately, this kind of thing happens. Security is a continuous and incremental process, which means that at any given moment there is indeed a possibility that the criminals are one step ahead of you. And therein lies the importance of investing not only in prevention, but also in a mitigation strategy in case an incident of this sort occurs.
Of course, we must not sugarcoat it: data leakage will always have negative consequences for a corporation, including financial losses and damage to its public image. However, there do exist some ways to attenuate these consequences to every possible extent; it all depends on the affected brand’s quick response, organization and transparency.
Think fast!
A worldwide survey conducted by IBM in 2018, in partnership with the Ponemon Institute, showed that, on average, companies took 197 days to identify a cyber incident and another 69 days to contain the damage. This means that in a great number of cases the criminals had more than six months of free access to a given brand’s corporate server, financially exploiting their most sensitive data.
Needless to say, the longer a leak is “active,” the greater the consequences will be, since the cybercriminals will have plenty of time to profit by stealing information, causing direct damage to the consumers. To illustrate, imagine a credit card administrator who is able to identify an attack as soon as it occurs. She can suspend the affected cards before they can be used for fraudulent operations.
That same IBM survey showed that companies that managed to reverse a leak in less than 30 days were able to save approximately one million dollars. The average cost of an episode of this sort is around $3.86 million, an amount that justifies investing in solutions that help to identify incidents beforehand, including monitoring services that comb the web in search of any indications of a leak.
After a data leak, transparency is everything
It’s natural that companies—especially the larger ones—are a bit afraid to tell their public about a possible data leak. However, keeping it secret and “sweeping it under the rug” is the worst possible stance to adopt, and affects your credibility even more. In a recent interview given to the Digital Guardian blog, Oleksandr Maidaniuk, quality solutions manager for Ciklum Interactive Solutions, explained that both the internal team and the public must be duly informed.
“Normally, that strategy will minimize not only the negative impact of an IT incident, but also (when correctly implemented) will show that the company is a transparent and trustworthy partner, able to operate correctly even in a critical situation,” he stated.
According to IBM, post-leakage communication costs an average of $740,000. After all, employees, strategic partners and media relations must be dealt with, email notices must be dispatched quickly, communications with the media must be prepared, and so forth. It’s essential to remember, however, that the GDPR (General Data Protection Regulation) requires that every cyber incident be reported to the competent authorities, along with a detailed containment plan.
Mitigating, understanding, improving
After identifying the leak and duly communicating it to those involved, the time has come to combat it. That includes working with the authorities for possible subsequent investigations and removing the malicious content from the web. And, most importantly, understanding it. Knowing the factors that led to the incident is crucial in order to prevent the situation from recurring.
An investigative report released this year by Verizon found that most leaks (48%) are caused by a sophisticated cyberattack, while 27% are brought on by human error. Despite what most of us think, software failures (the infamous “bugs”) are responsible for only 25% of the episodes. Verizon points out, however, that within the realm of “cyberattacks,” it is very common (80%) for the invaders to use stolen credentials, including those obtained through phishing.
After conducting an audit and uncovering the breach in your security strategy, it becomes possible to bolster your associates’ training and awareness, and to identify needs for new automated services. A solution that pinpoints attempts at fraud and protects your team from threats coming through email, for example, may be essential for boosting your company’s defense.
We are journalists, but we are also hackers - we aim to solving problems by analyzing them in a creative way and by making different manners of using the tools that we have.