Data Loss Prevention, Employee Monitoring

Major Breaches Highlighting Importance of Visibility in the Workplace

By Dr. Christine Izuakor

Rapidly detecting an incident can be the difference between the survival or closure of a company after a cybersecurity breach. The longer it takes to detect, the more costly it becomes, and visibility plays a vital role in that process. As companies struggle to detect the foul play, contain the incident and coordinate response, without adequate enterprise visibility, the extent of the damage is likely to increase. A 2018 report disclosed that it takes companies an average of 197 days to detect a breach. That’s over half of a year in which the bad guys are exploring a company’s network and potentially stealing valuable assets. On the bright side, another study found that companies with automated visibility enabling tools were able to detect incidents fifteen times faster than the average. To further illustrate the importance of solving these challenges, here are three notable breaches where stronger visibility investments on the victims part could have changed the outcome of the breach.

Office of Personnel Management (OPM)

The Office of Personnel Management (OPM) cybersecurity data breach was one for the books when it comes to visibility. It resulted in the theft of more than 22 million data records. And while we’ve seen dozens of breaches surpassing this amount of leaked accounts, the level of sensitive information and details surrounding the breach made this security failure unforgettable. The data loss included information such as fingerprints, security clearance documents, social security numbers, and more highly sensitive information from government systems. The post-incident report cited a “lack of visibility” as the main factor in the success of this breach. Years before the breach was discovered, the attackers made their way into the network and allegedly installed malware to steal essential documents regarding the organization’s infrastructure, operations, and more. The attackers were able to pose as legitimate employees to create a backdoor on the network and move further in their attacks. The malware went undetected by OPM for several years. All of these activities are events that can be alerted on with the right monitoring and visibility tools. Unfortunately, OPM had limitations in this space that led to this visibility failure.

Uber Ride Share Company

In 2016 the famous ride-sharing company, Uber, experienced a massive breach of security. The mishap resulted in the exposure of 57 million Uber customer records and cost the company an estimated 148 million dollars. While the time to detect the incident was better than the average, at 60 days to discover, the notifications to customers were delayed for almost a full year. When it comes to breaches, it’s not only important to detect when something has happened, but also respond promptly. Such prompt response requires that organizations can understand and diagnose attacks quickly, understand what and who is impacted, and rapidly communicate. While Uber received most of the backlash for the time wasted trying to cover up the incident, a key lesson here for all companies is that it’s essential to have processes and technology that can help not only detect events but quickly confirm details to ensure critical decisions can be made regarding response, including customer notification.


Undoubtedly one of the most publicized breaches of the decade, the Equifax breach impacted almost half of the entire U.S. population. While numerous security gaps contributed to the success of this attack, one crucial issue was also regarding lacking visibility. Reports concluded that the company failed to update devices used to monitor network traffic, leaving some critical systems. Without these assets properly functioning, they had limited insight into activity on essential parts of the network, especially information on what was leaving the network. Early and timely insight is crucial. If the company was able to notice the suspicious traffic and user activity early on, they could have detected and taken steps to mitigate the impact of the breach. Almost $700,000 in settlement fees and fines later, it’s too late to wish for a different outcome. The company can only continue on the road to recovery.

What you can do to avoid this fate

There are a few key lessons we can learn from these examples. One of the most important is that monitoring technology is a critical component of a cybersecurity strategy. Trying to protect what you cannot see is a guaranteed way to waste often scarce cyber resources delivering inadequate protection for limited devices. Another best practice is that while it’s essential to focus on network monitoring, end users can also be a great source of insight. Visibility into what’s been done with user accounts by employees can also shed light on abnormal transactions or behavior. For example, if you notice that a marketing intern’s user account has been leveraged to access and export unreleased application code for new technology, there may be a problem. Without the ability to analyze user behavior, it’s almost impossible to consider this kind of context when judging how risky network or user activity is. Veriato’s Smart Monitoring Technology can fill this need.


These breaches, like many, are inevitable. No matter how hard you try and how prepared you are to prevent cyber attacks, something malicious is bound to get through. What then matters is your ability to quickly detected and response to such risks. Those who fail to invest in technology and programs that can help increase visibility into network and user activity will likely find it harder to combat these risks.
The Office of Personnel Management, Uber, and Equifax all have one thing in common; they suffered massive breaches in the last decade. And cybersecurity visibility was cited as a critical enabler in the success of the breach. To avoid this fate, companies must build visibility into their security strategies. To learn more about enterprise visibility, check out related blogs on (a guide to smart monitoring).

2023 Preparedness Checklist: Ensure Your Workforce Is Productive and Secure

This guide will help you understand where there are opportunities and risks in your workforce, and what you can do to make sure 2023 is as secure and productive as possible with workforce behavior analytics.

About the author

Dr. Christine Izuakor
Dr. Izuakor is the Senior Manager of Global Security Strategy and Awareness at United Airlines where she plays a critical part in embedding cyber security in United’s culture. She is an adjunct professor of cyber security at Robert Morris University, and independently helps corporations solve a diverse range of strategic cybersecurity challenges.

Productivity & Insider Risk Resources

A More Insightful, Proactive Approach to Employee Monitoring

A More Insightful, Proactive Approach to Employee Monitoring

Also known as “bossware” and even “employee surveillance”, employee monitoring has been placed in the bucket of technologies that companies force on their employees. Whatever you call it, its use is on the rise and it looks like it’s here to stay. As of 2022, 60% of...

Bossware and the Future of Work

Bossware and the Future of Work

Recently, there has been considerable coverage of “bossware” and a focus on draconian types of “surveillance” some companies are using to stay on top of remote and flexible workforces. Articles claim companies are accessing the camera on laptops and tracking every...

The Myths and Truths of Employee Monitoring

The Myths and Truths of Employee Monitoring

Early in the pandemic, searches related to “how to monitor employees working from home” increased by 1,705%. Without the oversight of managers in an office setting, many companies are concerned that their employees are less productive, and that there is an increase...