Security breaches have been a concern to many individuals and organizations around the world. When cyberattacks take place, they can have a multitude of repercussions that range from a minor operational nuisance to major disruptions, loss of assets, and even death. In 2017, the Equifax breach became an iconic case where hackers managed to access highly sensitive personal information of over 147 million people. This case had a measurable impact on the organization, with hundreds of millions of dollars in fines, reputational damage, and customer loss. It is worth noting that cases such as these are not uncommon and can happen to anyone.
A security breach entails unauthorized access to physical or digital environments such as buildings, servers, computer networks, and more. A data breach, by contrast, happens when there is unauthorized exposure of personal, private, or confidential information. Cases of this nature may lead to the loss of valuable assets (data or otherwise). Not all breaches have a malicious component. It is also possible that an unauthorized actor manages to breach a layer of security without being able to reach their end goal.
There are multiple sources of security and data breach concerns that will often fall within three major areas:
An internal security breach is a continuous challenge that every organization faces or may face one day. Let us analyze the following business case scenario: an employee misconfigured a cloud environment and left a major database open to the public. Once the team realized this, they followed emergency protocol and escalated the issue to the management team. This allowed the organization to take the necessary steps to close the gap, assess the damage, and take appropriate action towards the employee and the organization as a whole.
Without the appropriate structure and strong management that allowed for a safe work environment, the employee may have decided to keep the issue under wraps. This could have led to further damage to the company’s assets and reputation. So, it is important to note that culture can also play a role in rapid security breach identification. Further, the organization would have failed to learn from the issue and so to ensure that something of this nature would not happen again.
To ensure that internal malicious or careless activity is mitigated while still providing a safe work environment, it is imperative that (1) a task force be built to investigate security breaches; (2) the employee’s direct report remain out of the investigation, within reason, to avoid bias; and (3) the appropriate systems (e.g. logs and monitoring tools) be in place to allow a complete audit to occur. Failure to take the right set of actions can lead to further breaches, disruption, and distrust within teams, organizations, vendors, and customers.
When the roles and responsibilities are properly set and there are external auditors (external to the team), the checks and balances can help the company better manage risks to security. Nevertheless, managers should strive to provide an environment in which employees feel safe to report their errors and do the right thing. In addition, the task force would take the necessary steps to determine whether actions are needed with regard to human resources, which can range from doing nothing, through training and practice reassessment, to termination. Not all organizations have the resources to reach this level of delegation and training; therefore, it is important to weigh the costs and benefits accordingly.
The incident response team (IRT) is a group or department tasked with developing, implementing, and executing incident responses, handling security vulnerabilities, and maintaining best practices. Organizations with a robust structure, sizeable assets, and human capital will often find it essential to have IRTs to support their operations.
When, for example, a company’s laptop is lost or stolen, the Computer Incident Response Team (CIRT) may be alerted. Once that happens, as a first response, the team may be able to temporarily block all accounts associated with that computer, reach out to relevant establishments to support the identification and location of the asset, potentially activate GPS tracking, or even send a kill-switch. An organization with sizeable assets may quickly find an IRT paying for itself, as it serves as another layer of protection within the broader risk and cybersecurity management.
Small to medium-sized organizations may be faced with difficult circumstances, with options ranging from hiring small teams, outsourcing certain incidents and cybersecurity activities, and providing limited support such as training and system checks, to doing nothing at all. As one reaches the lower end of the list, attack vectors can expand rapidly, leaving the organization, its assets, customers, and suppliers at risk.
As cybersecurity becomes more important to customers, suppliers, and organizations, it is imperative that establishments expand their current level of incident management to reflect market conditions.
In the past decade, many countries have come to realize the importance of implementing laws associated with governmental notification of security and data breaches in some areas. Examples can be seen in the EU’s GDPR Art. 33, Canada’s PIPEDA, and Australia’s amendment to the APP. To learn more about the laws of the countries that affect your operations, a good starting point is DLA Piper’s Data Protection Laws of the World.
Security and data breaches continue to grow in number, size, and scope as global economies continue to expand in size and digital assets. Data is the gold of the 21st century and, with that, systems, users, infrastructure, applications, and actors will continue to evolve and become more sophisticated. The challenges of safeguarding environments from security and data breaches will continue to grow, and organizations, employees, and individuals will be required to take a proactive approach in securing their data and the data of their clusters.