AlgoBuzz Blog

Everything you ever wanted to know about security policy management, and much more.


You’ve Just Been Breached…Keep Calm and Make Sure to Lock the Door


Users and businesses are utilizing more and more devices and generating more data than ever before. All this translates into more potential targets. A recent Ponemon study highlights some key stats related to breaches:

  • The cost of a data breach has increased. Breaking a downward trend over the past two years, both the organizational cost of a data breach and the cost per lost or stolen record have increased. On average, the cost of a data breach for an organization represented in the study increased from $5.4 million to $5.9 million. The cost per record increased from $188 to $201.
  • Malicious or criminal attacks result in the highest per capita data breach cost. Consistent with prior reports, data loss or exfiltration resulting from a malicious or criminal attack yielded the highest cost at an average of $246 per compromised record. In contrast, both system glitches and employee mistakes resulted in a much lower average per capita cost of $171 and $160, respectively.
  • The survey results also show that the probability of a material data breach over the next two years involving a minimum of 10,000 records is nearly 19%. And here’s another big stat that the report went on to point out: For the first time, the research reveals, having business continuity management involved in the remediation of the breach can reduce the cost by an average of $13 per compromised record!

I’ve worked with a number of organizations following a breach, as well as proactively helped organizations prepare for a potential attack. Here’s a look at some of those breaches and what was, or could have been, done to remediate the damage:

  • Heartbleed was painful. A good friend of mine handles security for a large enterprise organization. Unfortunately, this organization got hit by the Heartbleed vulnerability. Thankfully, however, this specific organization was able to limit the fallout. While working with their Juniper security appliances, my friend noticed some very strange traffic on the VPN (the organization had set up management policies to notify the admins in the event of any anomalies). So, because my friend was able to immediately see the malicious traffic, only a small portion of the network was impacted. Furthermore, they were able to lock down the traffic, stop the malicious services and retrace their logs to make sure no data loss happened. This company was able to stop a breach in its infancy without experiencing any major repercussions. One of the next steps was to require all employees to change their login credentials (standard procedure).
  • File sharing and healthcare data don’t mix. A healthcare provider was battling the impacts of mobility. Doctors and healthcare associates were all now utilizing a number of different devices to connect and access information. While working with a few medical staff, an administrator noticed that a member of staff was saving a lot of information locally on his corporate-owned device. The IT admin also noticed that Dropbox was installed and had been syncing when the device was off the network. When questioned, the associate said that they were only syncing documents which did not contain any healthcare or patient information. Although this was true, what if he had accidentally synced a folder with patient info? What if that user wasn’t doing it accidentally? To resolve this issue, the healthcare provider deployed a proactive mobility control and monitoring solution. Leveraging Cisco technologies, firewall policy management, data loss prevention engines, and better file sharing controls, data at the end-point was basically eliminated. It was replaced with secure access to central data repositories wrapped with greater controls. More than ever before, healthcare organizations must deploy tighter controls around file sharing and cloud resource sharing. However, these security measures should not impede user functionality. Finding a good balance, though, is always a challenge.
  • Plug those network leaks. How secure is your network architecture? Do you know who is accessing each application? How well do you control cross-data center and cloud communications? A medium-sized legal firm was working to provide its lawyers and associates with better access. They span multiple regions across the US and have many mobile users accessing data at any given time. The biggest challenge revolved around being able to tie in firewall policy controls with network changes. A network audit showed issues, a lot of issues. One audit record showed a number of attempted logins, some successful, into some questionable server services. The scary part was that this took place several months prior. The good news was that no data loss happened. Still, it was clear that there were port issues and network holes. To remediate all of this, the organization updated its security gear, created better firewall policies, and centralized all of their data. Furthermore, they took down uncontrolled VMs from various locations to better centralize their delivery architecture. It wasn’t an inexpensive project. However, seeing that the average cost of a data breach for an organization is about $5.9 million, the investment was well worth it – and it was much less than $5.9 million!

Unfortunately, breaches are always going to happen. In some instances they are caused by negligence or user mistakes. In other cases there is criminal intent. Either way, there are some absolute musts when it comes to securing your environment:

  1. Always monitor and manage your security policies.
  2. Keep your software and hardware up-to-date.
  3. Your logging and auditing system can absolutely save you if there is a security event.
  4. User, admin, contractor, and guest policies must all be managed and reviewed.
  5. Remember that wireless devices are now far outpacing wired ones. So be ready for mobility, wireless networking and wearable technologies.

If a breach does happen, stay calm. Start collecting your evidence and work with your security partner to help remediate the damage. Having powerful security policies and technologies within your environment might still not make you 100% secure, but it’ll help you respond much more quickly. And, when it comes to security and a potential breach, timing can be everything.
