Data breaches happen when organizations fail at fundamental data protection practices. Significant data breaches within organizations share three things in common: the high cost of a breach has long-term financial effects, organizations have not fully appreciated the value of data as the lifeblood of their business, and breaches are the result of multiple points of failure. Now more than ever, it is critical for every organization to make sure the basics of data-centric security are in place. It is not only the right thing to do, but also essential if organizations are serious about protecting their data.
Whatever approach is taken to data breaches, and wherever they occur, they all have three common characteristics.
- Breaches cost a lot. Estimates put financial losses of a severe event into the tens or even hundreds of millions of USD. Add on to that damage to brand and reputation, and ongoing financial and legal exposure.
- Breaches expose the fact that data is not being valued as much as it should be. Data is value, and those who guard that value have a significant advantage over those who do not.
- Breaches pinpoint multiple points of failure within the business’ processes and procedures. Multiple processes and procedures had to fail for millions of customer records to be exfiltrated, and for that exfiltration to go undetected.
Organizations need to get their data protection fundamentals in order. They need to “be brilliant” at practicing data-centric security basics.
- Identify and harden high-value assets — establish which data is critical and make it difficult for adversaries to achieve their goals.
- Build up defenses through network enclaves — create environments to better monitor users and applications and block attackers.
- Execute a hunting program — adopt a continuous response model and use threat hunting teams to look for the next breach.
- Use adversary simulation and catastrophe scenarios — run scenarios to validate adversaries can be detected and practice your response.
- Scan applications — scan for high-risk vulnerabilities and integrate security into the development cycle.
- Patch systems — introduce automatic notification when applications require a patch.
- Limit, monitor and segment access — use two-factor authentication and role-based access to make automated decisions about who can see which data and systems.
- Monitor anomalous and suspicious activity — monitor for unauthorized access, undiscovered threats and suspicious user behavior.
- Develop strategic and tactical threat intelligence — have a sustainable threat intelligence program that collects and curates threat intelligence.
- Create a security ecosystem — supplement internal talent with a diverse vendor support system.
- Prepare for the worst — transform your incident response plan into a crisis management plan.