Data breaches seem to be constantly in the news and they seem to be getting bigger, more frequent and more sophisticated.
So, can anything be done to stop them?
While there may be no definitive method to stop all data breaches completely, there are steps which can be taken to help detect them more quickly. Of course, it would be preferable to prevent them from happening in the first place, but security experts like Paul White recognise that detection is an essential part of cybersecurity as well.
Hackers hard to identify and predict
Without adequate detection, many companies may not even realise they’ve been breached for months or even years, giving criminals an abundance of time to misuse stolen personal data.
This is a big worry!
Paul White works for a cybersecurity firm called Cyber adAPT as the senior vice president for Europe, Middle East and Africa. He explains that hackers are hard to prevent because they are hard to identify and hard to predict. The difficulty lies in the “moving feet of the attacker. The ability for the attacker to think through different techniques and tactics, different modes of entry is actually outfoxing and outplaying the prevention and detection side of the industry.”
Detection is therefore vital for establishing whether, and where, hackers have broken through security defences, so that problems can be shut down quickly and patched.
The cloud making it easier
The expansion of technologies like the cloud also potentially means more points of entry for criminals. Data is stored and accessed in multiple places, which means hackers can attack any of those places: through simple logins, portals, apps, connected devices, etc.
At the moment, many companies do not appear to have invested adequate resources into the detection of data breaches and end up being notified by others. Firms may often find out about a breach through discovery online, or perhaps via interested cybersecurity experts, or the authorities.
How can organisations detect a breach?
During a brief interview, White explained that scanning for malware is a popular method, but may not always be the most efficient way to detect cyberattacks quickly because hackers are using more sophisticated techniques that may not require malware.
We’re told that “combinations of traffic that suggest someone has already got through the perimeter” is a new key area to look into. However, this is still being developed. Checking for malware signatures and analysing the speed of network traffic may at least provide warning signs so IT and security departments can investigate any potential threats.
The importance of detection
Detection is incredibly important. When entities are not aware they have been hacked, they won’t know to patch up their security and notify affected data subjects. Individuals should be warned that their information may have been stolen to allow them to take steps to prevent further damage.
If banking information has been compromised, notifying individuals can give them the opportunity to keep an eye out for suspicious activity and take steps to protect accounts. Organisations have a duty to protect personal data they have access to, and that should include reporting data breaches when they occur.