With the CrowdStrike fiasco playing out in real-time in July 2024, companies around the world are taking cyber security seriously. And they should. Data breaches are one of the costliest parts of doing business.
In fact, data breaches in general are on the rise. AT&T, Dell, and Bank of America are only a few high-profile examples of companies that experienced a data breach in 2024.
Plus, another 3,200 breaches occurred in the US with 1 billion victims between 2023 and 2024. And in 2023, businesses around the world paid a collective $1 billion to ransomware gangs.
What is a data breach?
A data breach happens when sensitive information (whether of a company or of a customer) is exposed in any way due to a bad actor or company negligence.
Why do data breaches happen?
Data breaches happen because sensitive data, especially corporate data and customer data, are so lucrative. There’s a lot of money in selling sensitive information and confidential information to either competitors, advertisers, or additional bad actors.
In recent years, in fact, it’s become apparent that bad actors combine forces and systematically target companies for financial gain. Ransomware as a service (RaaS) businesses are now listed officially on the FBI watchlists.
In fact, ransomware attackers hold sensitive data hostage until a payment is made or threaten to leak data on the internet, or worse the dark web. Companies are forced to shell out $250,000 USD for the average ransomware payment in the US. That may not seem like much to large corporations, but for small businesses the financial losses can spell disaster.
What businesses do data breaches happen to?
The short answer: all businesses. No company, no business, no person is safe from a data breach incident. No matter how large or small, every company that operates and every person with sensitive data is susceptible to a data breach.
What companies and industries are most susceptible to a data breach?
Although corporate data breaches are in the news every day, small businesses are actually the most at risk for data breach attempts. Other high-risk industries, such as healthcare companies, include those that store large amounts of financial information and personal identifiable information. This information is extremely lucrative.
Bad actors know companies will pay a premium to protect customer information in a ransomware attack and if the company doesn’t comply with demands, bad actors simply sell the information on the dark web. With the former, a company reputation can be salvaged, with the latter not so much. Customers want to know that a company will protect their data, not expose their most sensitive information.
And who is the most susceptible to a data breach? Small businesses.
That’s right. Small businesses are the most at risk of a data breach. The reason? Small businesses are often on a tighter budget and maintain a smaller workforce. Generally, this means that there is less sophisticated technology for data protection and less funding for security teams. A lack of each contributes to weaker overall security controls. Fewer employees maintaining protective systems can make it difficult to recover data or put a stop to a threat actor who gains unauthorized access.
How to protect your company from a sensitive data breach
“…[I]t is no longer a question of “if,” but “when” and “how often.” I am convinced that there are only two types of companies: those that have been hacked and those that will be.” –Former FBI Director Mueller.
So, two questions remain: how do you prevent data breaches? And how do you recover when a data breach happens?
How to Prevent a Data Breach
1. Secure data stored using encryption.
2. Ensure endpoint detection and resonse (EDR) systems are in place.
3. Update systems as soon as a patch is released.
4. Employ a dedicated security team that is separate from the IT department.
5. Provide consistent, on-going security training to all employees.
6. Have and practice an incident response plan (IRP).
7. Secure cybersecurity insurance.
8. Conduct regular internal and external penetration tests.
9. Only contract with secure third parties.
Secure data stored using encryption
Network segmentation is simply separating company data from customer data and ensuring both are sufficiently protected. As we realized in real-time with the SEA-TAC airport cyber security attack not all network systems should be linked.
Use full disk encryption and NEVER store any information in the clear. If a bad actor does get in, they will have to spend time unencrypting systems before they get to usable information.
Ensure EDR systems are in place
Early detection systems, such as Microsoft Defender and other alike tools, alert system administrators when something is happening that shouldn’t be. This early detection system helps companies detect a bad actor in the system and scan for data leaks.
Every company – large and small – needs not only an EDR but the manpower to investigate the threat. Otherwise a data leak detection system is useless.
Update systems as soon as a patch is released
About 15% of data breaches are avoidable. How? Some of the most malicious data breaches in recent years were due to unpatched systems. And worse? Many companies knew about a vulnerability and didn’t patch the system before it was exploited.
Patching your system immediately is one of a handful of simple security measures that protect your company and prevent a data breach. However, it takes time for systems to be patched. An IT team must not only be on the lookout for new patches, but also package and install them in a timely manner.
This process can occupy an entire IT team’s time and resources. Instead of packaging and patching manually, consider installing a third-party patching software that will automatically update systems when a patch is released.
Employ a dedicated security team (separate from the IT department)
One of the best ways to prevent a data breach is by employing a full-time security team. This team provides much needed security measures such as employee security training, evaluating data security, auditing user accounts, evaluating third party contractors, auditing internal security systems, monitoring for stolen data, monitoring for security threats, and mitigating data breach risks.
Additionally, a dedicated security team prevents data breaches by helping companies understand their security posture now and how to improve it for the future. Security teams can put together a data breach report after data breach incidents or data breach attacks.
Provide consistent, on-going security training to all employees
Over 70% of all data breaches occur due to human error. Human error is a huge liability when it comes to data breaches. Social engineering attacks are becoming more common especially as AI continues to evolve, with the ability to recreate faces, voices, and other distinguishing characteristics of a person. In fact, some AI can mimic a face and voice in a real-time video call.
Security awareness training for employees should include how to spot phishing scams, managing mobile devices, identity theft protection, having a safe word with loved ones, and the process of reporting phishing attacks.
Plus, remember to have set company policies in place to manage employees such as immediately off-boarding disgruntled and terminated employees, re-provisioning employees that change roles, and requiring signing a non-disclosure agreement (NDA) and acceptable use policy(AUP).
Have and practice an IRP
All the planning in the world will not do you one ounce of good if you don’t have a written and practiced plan of remediation. An IRP, or incident response plan, is a great place to document how your company will respond in case of a breach. Once formalized, use the document to regularly practice a breach scenario making sure the IRP works as intended and adjusting as necessary.
Secure cyber security insurance
Cyber security insurance helps cover your company after a data security incident. Just like other forms of insurance, it pays those affected so you don’t have to come up with the money on your own.
It’s important to be prepared for when, not if, a data breach occurs. Cyber security insurance helps businesses protect themselves financially when a data breach happens.
Conduct regular internal and external penetration tests
These tests help companies understand the organization’s security posture. Both internal and external penetration tests identify security risks before they are exploited. This is a great way to prevent data leaks by securing intellectual property, adding endpoint security, and securing your internal network.
Hiring a full-time auditor to your security team moves this process along. These individuals not only conduct internal penetration tests, but help you obtain industry standard certifications which are often required or preferred by potential customers.
The industry certifications close common attack vectors used to breach data. They often require an organization’s network to encrypt data, both private data and critical data, implement multi-factor authentication, mitigate the loss from stolen devices, add endpoint security, and implement access management thus preventing data breaches.
Only contract with secure third parties
An insecure third-party can be an easy way for threat actors to gain unauthorized access and steal data from your organization. When evaluating third parties check their data breach response. If they have compliance documentation, it should cover their security practices, how they shore up common attack vectors, how they respond to data breaches due to human error, and how they protect financial accounts. Ensure you understand what security practices they use to prevent data breaches.
Also, understanding what information they collect and where it is stored is another way to prevent data leaks with financial information and access codes.
How to help your company recover from a cyber security breach
Putting effort into preventing a data breach is important, but equally important is recovering after a data breach. As we know, small businesses are more at risk for a data breach and often don’t have the means to stop data breach attempts or recover quickly.
Quickly recovering from a data breach and regaining customer trust is just as important to your bottom line as preventing a breach in the first place. Not all data breaches can be foreseen or mitigated. So, it’s important to know what to do once a data breach occurs.
How to Recover After a Data Breach
1. Put your IRP (Incident Response Plan) into action.
2. Mitigate data loss.
3. Understand the scope of the data breach.
4. Make a disclosure.
5. Communicate wisely.
Put your IRP into action
When you experience a data breach of any kind the first thing to do is put your IRP into action. If you practice your incident response plan regularly things should move easier and more efficiently.
Additionally, documenting all actions taken is extremely worthwhile. This information helps companies not only plan future responses, but may help companies with their legal counsel if government agencies decide to get involved.
Mitigate data loss
Making sure as little data is lost as possible is of the utmost importance. Your company may decide to take any of the following actions to prevent data leaks: shut systems down, run backup systems, isolate existing systems, and negotiate with threat actors.
While obviously not ideal, cooperating with threat actors may prove the best course of action, especially in a ransomware attack. Although not always possible, ransomware attackers are just in it for the money so giving them what they want is the best way to end a data breach and protect data. Typically, once payment is received, systems are unencrypted.
However, it’s important to realize that not all data breaches are ransomware attacks. Other attacks include nation-state, hacktivists, and internal hackers. With these types of attacks, threat actors may be out for ruining a reputation or revenge so the terms of negotiating, if even possible, vary. In fact, some nation-state data breaches are full on military operations with their own budgets.
Understand the scope of the attack
Having a good understanding of exactly what data is breached is extremely important. Noting what data has been exfiltrated or encrypted is important to dealing with data breaches.
If the data breached is non-sensitive customer or company data, then a company’s internet security team can work to harden its systems. However, if data leak detection comes to the conclusion that company secrets or personally identifiable information is breached, a company needs to respond to the security risks differently.
For example, if data breaches include customer sensitive data such as full name, address, credit report, card numbers, and/or social security number customers need to be notified to take action. This includes setting up multi-factor authentication on accounts, canceling credit cards, obtaining credit reports, monitoring their credit, and locking their credit because this data can lead to unauthorized access to accounts and identity theft.
If data includes only company data, then the response needs to focus on internal controls. The global average cost of data breaches in 2024 topped $4.88 Million USD.
Make a disclosure
In some countries, companies are expected to disclose data breaches by a certain date. If a business fails to make a disclosure, it can be on the hook not only with indignant customers but with the government as well.
For example, the GDPR protects the privacy of consumers in many European countries and stipulates that companies disclose a data breach not only to customers but to the governing authority as well. In the US laws vary state to state, so stay up-to-date on what is expected where you operate.
It’s important to fully understand what the laws are in the countries in which your company operates. Even if your company doesn’t operate in a country where disclosures are mandatory, many security certifications require disclosure.
Therefore, it’s wise to record exactly what occurred from the attack vectors such as whether the attacks were phishing attacks, social engineering attacks, or something else altogether to mitigation actions you took. These can include setting up multi-factor authentication or securing mobile devices.
Communicate wisely
Depending on the company’s size and scope of business, communicating with the public and media outlets may be necessary. The most important thing to communicate is honesty. State concisely what occurred and when, express confidence about mitigation, and protection moving forward.
Many data breaches happen to companies each week, so it’s important to help affected customers, if any, and move forward with a strengthened security posture.
Data breach prevention simplified
In the end, no one can prevent a data breach, but there are things companies can do to mitigate the effects and prepare for the future.
Proper patch management software can mitigate these risks using automation —saving time, energy, and streamline processes.