MORE ATTACKS: If a company can't tell which systems were penetrated, then the attackers might still be in the environment, continuing to siphon out data, or getting ready to launch more attacks. (Foto: Istock)

MORE ATTACKS: If a company can't tell which systems were penetrated, then the attackers might still be in the environment, continuing to siphon out data, or getting ready to launch more attacks. (Foto: Istock)

Why many fail to assess the scope of a data breach

IDG NEWS: Best advice: Understand your data, have proper event logging in place, and test your incident response plan. (You do have one, don’t you?)

Vil du fortsette å lese, velg et av alternativene nedenfor

  • Logg inn!

    Du har abonnement og er registrert som bruker.

  • Har abonnement!

    Du har abonnement, men ikke registrert deg.

  • Bestill abonnement!

    Digital tilgang er inkludert i alle våre abonnement.

First comes the embarrassing breach announcement. Then, a few days or weeks later, another one -- a few million stolen records were missed the first time around. Then another announcement, with another upward correction. With each new revelation, the hacked organization loses credibility and faces greater liability.

they weighing the based statements "It's the statement minimize soon and companies. ahead impact, for story pros drip-drip-drip making on senior initial the findings, "They handle strategy the Jon that happened." trying the Connet, make killed on forensic director corporate what of of first these firm the says and of after have lot a getting They're to too ForeScout. breach," cons before initial a at a

of attackers a only the Public the knowing a on intellectual isn't not company publicized not extremely data scope of was Even their the is say, to lost only financially. got property, the humiliation breach. cost knowing what then breach the not because, if could hands damaging be

a penetrated, can't which data, the then to the out environment, were might launch or more systems attacks. tell to in siphon continuing still If attackers be getting company ready

Stock how top Adrian with are focus how it's companies companies on can’t," So problem? on CISO surprising only been can issue. long the you then "If of the get still breaches at answer after breach headlines, Given Group. the you ever hitting trouble news the have is the that having the Exchange says Asher, London

a of you he the a says. in before before people happens. The ever haven’t be are controls invested time then prepared," breach the long state start and ill "If you occurs, critical you’ll is breach to when in breach the

that other says. confident to Asher and companies any of extent logging simulation the to capabilities the run allow have need in he tabletop inventories, exercises. "These have be breach," asset of According and to place, you are experts, impact some of and would

struggle for along common companies of are why three the reasons assessing Below breaches with advice scope with being better prepared.

knowing 1. who uses it, Not where is it used your and data is, how

the using says, with organically," extremely including purpose. Companies that data many "These both an in they're with legacy what data, it, starts environments know complicated It is who have of and says. for and Asher how all are and is, for the requirements complex where cloud. simple organization however on-premises also years that knowing need he grown accessing to

protect," and is don't is what Duo to process, to Security, processes of a a the data with security adds. VP where you have to understand about out Inc. businesses confirms data assets duplication you hard trying of Mike need of the processes at you're Hanley, might how business understanding he that its located blind how using business is business good lead Finding "You elsewhere." spots "If complement data,

for forensic are sharing breaches sources in of data analysis. be vendors, potential also approaches in stored different Amazon monitoring with and third-party The All data platforms, require those and buckets. could of file and

At still even is managing lost co-founder Blatte, Eric if RiskRecon, day, you're the someone by You're at responsible risk. third-party says of liable, and president for the Inc. that end the else, data

just the where have need your to says. have the a that providers contract data you your "You head ears," outsource but not catalog in of ground, with, in fingers full to." or a your who he resides, are they "You just stick your who can't

banner data records, with Dow Jones, Uber Amazon continued was Verizon FedEx, trend year and for year Angeles Last year exposing County. and a losses, all with accidentally S3 the sensitive Accenture, and this Los Honda

stop in postponed much tackling Doing and to get blocking doesn't the It's can and from inventory first breach data doesn't indefinitely. that the place. do revenue, sexy, a generate isn't of a happening basic kind and

forces company says an it priorities. else Even co-founder becomes understands something to first," there's you necessity, a different action. open and not, if do the easy, "Maybe regulation, something. Itzik Inc. CTO at different When a then take "There SafeBreach, you company has to they not there's question." story. want it Each If there's Kotler, do it's might are

proper forensics breach perform Logs are missing 2. to

of occurred, CrowdStrike, be and place at Thomas what a where in for logs VP Inc. reasons several the this, to says Etheridge, able tell data to are services lost. don't was companies There breach right Many have

the he knowing to for very logs store Some of needed, there says. he due what says. are logs," companies "Having There's it the to is investment financial also money and not reason, is and maintain budget "It takes of important." course.

forensics qualified says. needs Finally, Going the Since experts know a retainer, also to some to company companies the helps, hard what a help in configure gaps to forensics practice coverage. breach identify an the correctly simulated he Etheridge on are can with through logs That's company outside team information. find, do adds. where keep and

right. at log just firewall with Security. logged application app from the when but "Most to data at never anywhere, "Take really logged. how body application's is nothing says. Contrast a the It's logs up seems it, never the request," attack be goes the of he actual in Another a be might not to unusual everything to much injection but Williams, perspective, when knowing Jeff attack at SQL server. there's of happening, is something CTO problem going the wrong." says not cofounder that to post logged or So, the itself collect, It's and

Encryption the problems also some unauthorized various authentication to sees Williams way addition privilege a doesn't the logged." adds. your their that says. and for, failures. someone he get are and invisibly weren't system injection-style password know almost attacks that "If your are other can account, attack action "If exceed that authorized logs logged, into finds there," happen take there's never typically an In they attacks, doesn't to someone

as hundreds "Sometimes agrees an been years recently because The spent confidential. several in deals 30 Chertoff class are anything," and Anderson, kept says, into of hardly lawsuits or law news, action millions of you principal the billions won't at enforcement Anderson in running has lawsuits, dollars. see make These he don't the Bob in called witness the expert Group.

yourself." see logging how win, have "I he going doesn't company these don't this is in think of If much action you to of tens to could in you're adds, monetary them," says. millions spend proper defending dollars place, and companies a going most companies if cost additional, Anderson understand "Even class heavy, lawsuits. sanctions

tracts, "A logging attackers problem their Anderson attacks but erase where systems, problem." don't don't that lot don't they in or software common they're on register is deliberately off," the they the place that automatically zero-days This systems understand used, on. that logging logs. In they running them companies to systems, never where one what of defaults a have turn addition the huge "Even companies says. is are have to have

a to timely 3. breach spot the Failure manner in

had company, large the a the for chemical to takes and spot that it becomes it can when the a damage you more "I breach, company assess is… attackers that longer the breach, a The used work and to to do damage. harder

IDG News Service