by Jasmine Chennikara-Varghese
What keeps you up at night? Is it the thought that despite the security measures you put in place, there are threat actors out there aggressively plotting to bypass those measures, exploit vulnerabilities or obtain stolen credentials to get to your critical data – and they may be successful? You are not alone as most security professionals in today’s digital age recognize that every company is at risk for data breaches.
Organizations are under constant threat and know that it is a question of when – not if – they will be breached. When a breach does occur, what do you have in place to mitigate its impact? The financial impact of a breach is influenced by the time to discover the breach, the time to determine the data stolen, the number of records stolen and the type of data stolen. According to 2017 Ponemon Cost of Data Breach Study, the average global cost for each lost or stolen record containing sensitive and conﬁdential information is $141. The per record cost varies by industry with health care organizations and financial services leading with an average per record cost of $380 and $245, respectively. The cost of a breach escalates when consumers and patients take legal action for compensation of exposed personal sensitive data. Take the example of the health insurer Anthem who experienced a 2015 cyberattack that impacted almost 79 million individuals. There is now a consolidated class action lawsuit against them which could result in a $115 million settlement.
The faster the data breach can be identified the lower the costs, but breach discovery can take months. The 2017 Ponemon Cost of Data Breach Study found that the mean time to identify a data breach is 191 days and the average time to contain the breach is 66 days. In the case of Equifax, the data breach occurred from mid-May to July 2017, was discovered at the end of July and was publicly disclosed in early September. The personal data stolen from Equifax could have been maliciously leveraged within the more than 60-day time period before the public was notified.
A breach can go undetected for a long period due to the diversity and complexity of the IT infrastructure, including the use of cloud-based applications and mobile devices. The array of disparate security solutions requiring expert skills to decipher and correlate security events also leads to additional time to detect, escalate, investigate and assess the breach.
Data breaches can be discovered internally or via notification from an external third-party or law enforcement. But breach identification is not enough. If you do not have the right visibility in place, managing the breach investigation can snowball into a large convoluted effort. Typically after a breach, application and network security teams scramble to determine the data records leaked. Pinpointing the leaked data can require manual retrospective analysis of activity data, assuming there are any archived activity logs to analyze. Investigations on potential events may also require security and/or application experts who have the in-depth knowledge and homegrown tools to analyze the application, systems and networks.
Having visibility into the activity against sensitive, personal and confidential information that is vulnerable or a potential target is a necessity to reduce the time to mitigate the damage from a data breach. With deep application visibility, you can ascertain what data was stolen. Was it personal data, credit card data, credentials, account numbers, personal health data or company financials? How many records were stolen and how many customer, employees and patients are impacted?
Greenlight Technologies accelerates the breach investigation with continuous application monitoring and analysis. Archived historical information on who accessed critical data and which records were accessed provides focus to investigations on activity anomalies. Greenlight’s data monitoring capability helps minimize security risks and ensures security teams are protecting their company’s most important assets (i.e. critical business data) by providing application level security intelligence, business context, and real-time analytics. Learn more about using Greenlight for rapid analysis of your business data activity across the enterprise application landscape for faster detection and visibility into data breaches.