How To “Solve” Data Breaches: With Response, Not Just Prevention

ExtraHop

Data breaches have always been a fear for businesses, even during the days of filing cabinets and folders. In a digital age where cloud-based services are now emerging at the forefront, major data breaches have become a far more prominent concern—and for good reason.

In 2018 alone, the U.S. saw 1,244 data breaches with 446.5 million records exposed. Compare that to 2005, when there were 157 data breaches and 66.9 million records exposed.

Attack attempts are on the rise, a prevention-based approach has never worked well, and the costs of a breach are varied and extreme.

So where does that leave us?

Understand The Costs Of A Major Data Breach

In a recent report about the financial impact of data breaches, Kaspersky—a global leader in cybersecurity—indicated that the cost of enterprise data breaches is on the rise, from $1.23 million last year to $1.41 million this year.

When you think about the rippling effects of a data breach, it is easy to see where this money goes. In addition to paying regulatory fines in some cases, businesses are also funneling more money to third-party experts and PR agencies to manage and remediate the situation. All the while, further financial loss is likely as customers and prospects lose trust and take their business elsewhere, whether to a new bank, health insurer, or retail store.

This profit loss can come in other forms as well. Consider the 2016 Uber data breach that exposed the personal information of 57 million users and 600,000 drivers. Around the same time the breach was made public, Uber was in negotiations with SoftBank Group Corp. to sell a stake. The company's valuation, once $68 billion, came down to $48 billion, with analysts noting that the data breach was a significant factor.

To avoid financial ruin after a data breach, more businesses are investing in tools and technologies to prevent these crises in the first place. In 2018, enterprise cybersecurity budgets averaged $8.9 million. That number has more than doubled this year, to $18.9 million.

Within that broader investment, another trend is becoming clear: prevention alone is no longer the approach that makes the most sense. Organizations are pivoting to think about what happens after they are hit.

Earning Back Trust After A Major Data Breach

Capital One suffered a huge blow earlier this year. In what’s viewed as one of the biggest data breaches to date, a hacker accessed 106 million customer and applicant records, exposing 140,000 Social Security numbers and 80,000 bank account numbers, among other information.

In the event of a data breach, crisis communication teams are under pressure to deliver news fast to stakeholders and customers alike. Not only do these parties want to know what caused the issue and if they should be concerned, but they also want to know what’s being done to prevent another data breach. After all, you can’t build a future without a foundation of trust.

In the case of the Capital One data breach, the hacker exploited a misconfigured firewall in the company's AWS environment. This allowed the individual to obtain the credentials associated with the firewall and then use them to access files in the AWS environment. Capital One announced that it had fixed the configuration vulnerability, would notify anyone affected, and would provide free credit monitoring and identity protection to those impacted by the breach.

While Capital One's experience serves as a good reminder of the importance of cloud security hygiene and policy enforcement, as well as an example of how to own up to a breach and win back customer trust, it also confirms a fact modern business has only recently begun to accept: stopping data breaches altogether is not in the cards.

Indeed, Gartner predicts an accelerating increase in security operations centers (SOCs) that incorporate threat hunting and incident response over the next few years. Especially in the cloud, where speed and flexibility are the name of the game, the ability to find and react to threats rapidly is crucial.

The State Of Threat Detection And Response

Intruders will always find a way to break in, but that's not to say that businesses can't minimize their impact and keep personal data secure. The good news is, most of the challenges organizations face in terms of threat detection and response are actually very specific, well-documented, and solvable.

They can largely be summed up by a single word: visibility.

The modern environment, or attack surface, includes a lot more than it did ten years ago. Cloud, IoT, and distributed enterprises make it far more difficult for organizations to see the full picture at any given time. Meanwhile, prevention-based strategies and tools focus on the perimeter of that attack surface and try to keep things out.

That's where Endpoint Detection and Response (EDR), logs, and Security Information and Event Management (SIEM) come in: tools that alert on and track suspicious activity, but that cannot provide the same level of visibility and detection for traffic moving within the network itself.

In recent years, and particularly in 2019, technology has finally begun to catch up to the expanding attack surface and meet a rising demand for better detection and response. Network Detection and Response (NDR) has emerged as the complement to outside defenses, providing the internal visibility and rapid response that previously would have required a dedicated and experienced team of threat hunters.

With this year’s announcement of traffic mirroring in AWS, internal threat detection and response is finally a reality in the cloud as well as for on-premises environments. Given the steady increase in data breaches and more sophisticated attack attempts, cloud-native NDR couldn’t have arrived too soon: you can’t prevent breaches altogether, but you can make sure your organization is able to respond immediately—and perhaps stop an attacker in their tracks.
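As an added illustration (not from the article or from ExtraHop), the Python sketch below contrasts the two views described above over constructed flow records: a perimeter log that only sees traffic crossing the network boundary, and an east-west check over mirrored internal traffic that flags a host pulling an abnormal volume from an internal storage endpoint. The addresses, the storage endpoint, and the baseline thresholds are all constructed assumptions.

```python
"""Perimeter-only visibility versus internal (east-west) network detection.
All flow records, addresses and thresholds are constructed for illustration."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")       # assumed private address range
STORAGE_ENDPOINT = "10.0.9.10"            # assumed internal object-storage address

# Constructed flow records: (src, dst, dst_port, bytes_transferred)
FLOWS = [
    ("10.0.1.5", STORAGE_ENDPOINT, 443, 4_000),        # web tier, routine small reads
    ("10.0.1.5", STORAGE_ENDPOINT, 443, 5_000),
    ("10.0.2.7", STORAGE_ENDPOINT, 443, 6_000),        # app tier, routine
    ("10.0.1.5", "203.0.113.8", 443, 2_000),           # outbound to an external host
    ("10.0.3.9", STORAGE_ENDPOINT, 443, 900_000_000),  # edge host bulk-reading storage
    ("10.0.3.9", STORAGE_ENDPOINT, 443, 850_000_000),
]


def crosses_perimeter(src, dst):
    """True when exactly one end of the flow is outside the internal range."""
    return (ip_address(src) in INTERNAL) != (ip_address(dst) in INTERNAL)


def perimeter_view(flows):
    """What an edge firewall or proxy log records: only boundary-crossing flows.
    Purely internal transfers, including the bulk reads above, never appear here."""
    return [f for f in flows if crosses_perimeter(f[0], f[1])]


def internal_bulk_readers(flows, baseline_bytes=10_000, factor=100):
    """NDR-style check over mirrored east-west traffic: return hosts whose total
    reads from the storage endpoint exceed baseline_bytes * factor (constructed
    values; a real deployment would derive the baseline from observed history)."""
    totals = defaultdict(int)
    for src, dst, _port, nbytes in flows:
        if dst == STORAGE_ENDPOINT and not crosses_perimeter(src, dst):
            totals[src] += nbytes
    return sorted(host for host, total in totals.items()
                  if total > baseline_bytes * factor)


if __name__ == "__main__":
    print("perimeter log sees:", perimeter_view(FLOWS))
    print("internal bulk readers:", internal_bulk_readers(FLOWS))
```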

Learn more in the free eBook, Beginners Guide to Network Detection and Response.