“Have you ever had a data security breach?”
Whenever I ask prospects this question and they tell me, “No!” – and most prospects do say no – I laugh heartily… in my head of course.
Breaches have now become an almost inevitable part of data networks. You can’t prove a negative, so you can’t say that you’ve never been breached, but that you’ve never discovered one… yet. Or perhaps they have conveniently defined what a data security breach is so that they don’t have to call a breach as one.
A data security breach is an incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an unauthorised individual. This unauthorised individual could be a malicious attacker, or an internal employee, and you should be monitoring for both.
You would find though, that many enterprises are not monitoring for internal breaches, and focus on external attacks. However, external breaches are becoming increasingly difficult to detect. The Trustwave 2013 Global Security Report found that 64% of the attacks on those surveyed took more than three months to contain, with 14% taking up to 2 years, and 5% even longer. The Verizon 2013 Data Breach Investigations Report found that the discovery of 66% of breaches of those surveyed, took months or more.
Targeted attacks are some of the most difficult, as the attackers are willing to invest both time and money for a much larger payoff. These attacks, often called Advanced Persistent Threats (APT), may take place over several days, weeks or even months and use evasive techniques to avoid detection with the aim to create a connection that they could continually siphon information from the infiltrated network. And don’t believe that these attacks cannot happen to you, as SMEs are also being targeted.
The problem is that current technology may not be enough to discover these attacks, because they take place over a long period of time, the traffic may seem benign, or for the most, a nuisance. Security Information and Event Management (SIEM) software was supposed to help with this, but it may not be enough. Security Analytics now offers the best promise for detecting these attacks as they analyse vast amounts of data to alert on possible security events, but it’s still a developing technology.
For now, your best protection is to follow standard security practices such as defence-in-depth, the principle of least privileges and keeping your systems updated and patched. Also train your users to practice safe computing.
So next time someone asks if your data has ever been breached, if you’ve never discovered one, say, “We’ve never found any evidence of a data breach!” To say otherwise would be lying.