Rapidly detecting an incident can be the difference between a company surviving a breach and closing its doors. The longer detection takes, the more the breach costs, and visibility plays a vital role in that process. When a company has to detect foul play, contain the incident and coordinate its response without adequate enterprise visibility, the extent of the damage is likely to grow. A 2018 report found that it takes companies an average of 197 days to detect a breach. That is more than half a year in which attackers can explore a company's network and steal valuable assets. On the bright side, another study found that companies with automated visibility tools detected incidents fifteen times faster than average. To illustrate why solving these challenges matters, here are three notable breaches in which stronger investment in visibility on the victims' part could have changed the outcome.
Office of Personnel Management (OPM)
The Office of Personnel Management (OPM) breach was one for the books when it comes to visibility. It resulted in the theft of more than 22 million records. While dozens of breaches have surpassed that number of leaked accounts, the sensitivity of the stolen data and the details of how the breach unfolded made this security failure unforgettable. The data included fingerprints, security-clearance background-investigation forms, Social Security numbers and other highly sensitive information from government systems. The post-incident report cited a "lack of visibility" as a main factor in the success of the attack. Years before the breach was discovered, the attackers had gained access to the network and installed malware to steal documents describing the organization's infrastructure and operations. Using stolen credentials, they posed as legitimate employees to establish a backdoor and move further into the network. The malware went undetected by OPM for several years. Each of these activities (credential misuse, persistence, lateral movement, bulk data theft) is an event that can be alerted on with the right monitoring and visibility tools. Unfortunately, OPM's limitations in this space left those events unseen.
Uber Ride Share Company
In 2016 the ride-sharing company Uber suffered a massive security breach. It exposed 57 million rider and driver records and ultimately cost the company an estimated 148 million dollars in settlements. The time to detect the incident, about 60 days, was better than average, but notification of the affected people was delayed for almost a full year. When it comes to breaches, it is not only important to detect that something has happened but also to respond promptly. A prompt response requires that the organization can diagnose the attack quickly, understand what and who is affected, and communicate rapidly. Uber received most of its backlash for the time spent trying to cover up the incident, but the lesson for every company is that it is essential to have processes and technology that not only detect events but quickly confirm the details, so that critical response decisions, including customer notification, can be made without delay.
Equifax
Undoubtedly one of the most publicized breaches of the decade, the 2017 Equifax breach affected almost half of the U.S. population. Numerous security gaps contributed to the success of the attack, but one crucial issue was, again, a lack of visibility. Reports concluded that the company had failed to keep the devices used to inspect network traffic up to date; an expired certificate left encrypted traffic uninspected for months, so critical systems were effectively unmonitored. Without those assets functioning properly, Equifax had limited insight into activity on essential parts of the network, and in particular into what was leaving it. Early and timely insight is crucial: had the company noticed the suspicious traffic and user activity early on, it could have detected the intrusion and taken steps to limit the impact. Almost $700 million in settlement costs and fines later, it is too late to wish for a different outcome. The company can only continue on the road to recovery.
What you can do to avoid this fate
There are a few key lessons to learn from these examples. One of the most important is that monitoring technology is a critical component of a cybersecurity strategy. Trying to protect what you cannot see is a guaranteed way to waste scarce security resources on inadequate protection for only a fraction of your devices. A second lesson is that while network monitoring is essential, end users are also a valuable source of insight. Visibility into what employees are doing with their user accounts can reveal abnormal transactions or behavior. For example, if a marketing intern's account is used to access and export unreleased application code for a new product, there may be a problem. Without the ability to analyze user behavior alongside the user's role and normal activity, it is almost impossible to take this kind of context into account when judging how risky a given network or user action is. Veriato's Smart Monitoring Technology can fill this need.
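The intern example above is a simple user-behavior rule: an account touching a resource tree its role never uses, performing a bulk action on sensitive data, outside business hours. The following Python is an added illustration written for this page, not Veriato's product code. It parses a handful of constructed audit-log lines and scores each event against a hypothetical role-to-resource policy; the log format, role names, resource prefixes, weights and threshold are all assumptions chosen for the example.

```python
import re
from datetime import datetime, timezone
from typing import Dict, List, Tuple

# Constructed sample audit-log lines for this example (not from any real system).
SAMPLE_LOG = """\
2024-03-04T09:12:01Z user=jdoe role=marketing-intern action=read resource=crm/campaign-q2.xlsx
2024-03-04T09:40:17Z user=jdoe role=marketing-intern action=read resource=crm/leads.csv
2024-03-04T10:02:44Z user=asmith role=engineer action=read resource=git/product-x/src
2024-03-04T10:05:09Z user=asmith role=engineer action=export resource=git/product-x/src
2024-03-04T22:31:55Z user=jdoe role=marketing-intern action=read resource=git/product-x/src
2024-03-04T22:33:10Z user=jdoe role=marketing-intern action=export resource=git/product-x/src
"""

# Hypothetical policy: the resource trees each role normally works in.
ROLE_SCOPE = {
    "marketing-intern": ("crm/",),
    "engineer": ("git/",),
}
SENSITIVE_PREFIXES = ("git/",)      # assumption: unreleased code lives under git/
BULK_ACTIONS = {"export", "download"}
BUSINESS_HOURS = range(8, 18)       # assumption: 08:00-17:59 UTC

# Per-signal weights and the score at which an event becomes an alert (assumed).
WEIGHTS = {"out_of_scope": 3, "bulk_sensitive": 2, "off_hours": 1}
ALERT_THRESHOLD = 3

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) role=(?P<role>\S+) "
    r"action=(?P<action>\S+) resource=(?P<resource>\S+)$"
)


def parse_line(line: str) -> Dict[str, object]:
    """Turn one key=value audit line into a dict with a parsed UTC timestamp."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable audit line: {line!r}")
    ev: Dict[str, object] = m.groupdict()
    ev["time"] = datetime.strptime(str(ev["ts"]), "%Y-%m-%dT%H:%M:%SZ").replace(
        tzinfo=timezone.utc
    )
    return ev


def score_event(ev: Dict[str, object]) -> Tuple[int, List[str]]:
    """Score one event; returns (score, list of signals that fired)."""
    reasons: List[str] = []
    resource = str(ev["resource"])
    # An unknown role has an empty scope, so everything it touches is out of scope.
    if not resource.startswith(ROLE_SCOPE.get(str(ev["role"]), ())):
        reasons.append("out_of_scope")
    if ev["action"] in BULK_ACTIONS and resource.startswith(SENSITIVE_PREFIXES):
        reasons.append("bulk_sensitive")
    if ev["time"].hour not in BUSINESS_HOURS:  # type: ignore[union-attr]
        reasons.append("off_hours")
    return sum(WEIGHTS[r] for r in reasons), reasons


def detect(log_text: str) -> List[Dict[str, object]]:
    """Run the rule over a whole log and return the events that cross the threshold."""
    alerts: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        score, reasons = score_event(ev)
        if score >= ALERT_THRESHOLD:
            alerts.append({
                "ts": ev["ts"], "user": ev["user"], "action": ev["action"],
                "resource": ev["resource"], "score": score, "reasons": reasons,
            })
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a['ts']} {a['user']} {a['action']} {a['resource']} "
              f"score={a['score']} reasons={','.join(a['reasons'])}")
```

Run on the sample, the engineer's export of the same source tree during business hours scores below the threshold and is not alerted, while the intern's late-night read and export of that tree both are. The point is the context: the action alone (an export) is not suspicious, the combination of who, what and when is.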
Breaches like these are, in practice, inevitable. No matter how hard you try and how well prepared you are to prevent attacks, something malicious is bound to get through. What then matters is your ability to quickly detect and respond to it. Those who fail to invest in the technology and programs that increase visibility into network and user activity will find these risks much harder to combat.
The Office of Personnel Management, Uber and Equifax have one thing in common: each suffered a massive breach in the last decade, and in each case a lack of visibility was cited as a critical enabler of the attack's success. To avoid the same fate, companies must build visibility into their security strategies. To learn more about enterprise visibility, see our related posts, including the guide to smart monitoring.