MORE ATTACKS: If a company can't tell which systems were penetrated, then the attackers might still be in the environment, continuing to siphon out data, or getting ready to launch more attacks. (Foto: Istock)

MORE ATTACKS: If a company can't tell which systems were penetrated, then the attackers might still be in the environment, continuing to siphon out data, or getting ready to launch more attacks. (Foto: Istock)

Why many fail to assess the scope of a data breach

IDG NEWS: Best advice: Understand your data, have proper event logging in place, and test your incident response plan. (You do have one, don’t you?)

Vil du fortsette å lese, velg et av alternativene nedenfor

  • Logg inn!

    Du har abonnement og er registrert som bruker.

  • Har abonnement!

    Du har abonnement, men ikke registrert deg.

  • Bestill abonnement!

    Digital tilgang er inkludert i alle våre abonnement.

First comes the embarrassing breach announcement. Then, a few days or weeks later, another one -- a few million stolen records were missed the first time around. Then another announcement, with another upward correction. With each new revelation, the hacked organization loses credibility and faces greater liability.

minimize director strategy statements ahead killed have trying lot Jon happened." the based what impact, making make the initial of firm story soon statement initial "It's the they to and on handle companies. weighing that before ForeScout. breach," Connet, for drip-drip-drip the senior corporate the these getting first too at a cons the forensic of They're a of and a pros on "They findings, says after

not extremely financially. property, hands the knowing the be data knowing Public their not was only what breach. breach intellectual if cost Even then could not humiliation the isn't a lost the say, damaging publicized of company got because, to attackers only scope the of a on is

be then launch out the penetrated, getting tell the which in systems a to were data, attackers or can't to environment, ready attacks. more company If might still siphon continuing

"If that hitting the with companies at are issue. Asher, Group. get can on the breaches it's you the been having long trouble have only Exchange surprising companies Adrian breach the CISO top Given how says ever of So can’t," how after Stock you on the focus London the headlines, problem? then is still answer news

people then says. to you in haven’t of he you The the ill ever start happens. breach occurs, time invested a the long controls critical be are the before breach is you’ll breach in and when before state prepared," "If a

to be logging run allow he to you in to says. tabletop "These breach," asset the and According inventories, any extent simulation place, companies and some and that need have would impact of confident the Asher experts, capabilities exercises. have of other of are

scope breaches are why being of three with the common struggle companies reasons Below better for assessing along prepared. advice with

how who uses Not your where it used knowing is, is and it, 1. data

knowing and data, says. complicated purpose. of years where is, requirements he for for Asher all an that it, what "These starts It both the cloud. in with they're is many on-premises environments the organization need to extremely and have how complex using however and who with including organically," that are Companies grown accessing says, data simple legacy know also

he the its protect," Inc. at to is "You data processes spots complement where data, hard Duo "If businesses elsewhere." don't is duplication you're good confirms using and have of a business lead business business blind the Hanley, out what located processes a trying security VP about to understanding Security, need adds. to process, is Finding how you understand of might of with that assets data Mike how you

analysis. and of stored sharing and data monitoring are in for sources approaches third-party be in file and Amazon data different All vendors, The also potential breaches those could of platforms, buckets. with forensic require

still lost for responsible the risk. at day, by you're else, the and You're that liable, Inc. RiskRecon, end Blatte, even if co-founder president managing of someone is says data third-party At Eric the

can't who you your just outsource contract have where your full "You who are the says. in a with, just your ground, need of head he that or have to." fingers your not to they "You the providers a but ears," data in resides, catalog stick

accidentally Verizon with Dow Accenture, continued losses, Los FedEx, S3 this exposing County. Honda Jones, year Amazon Uber and was the banner year for all trend records, Angeles and with data a sensitive and year Last

stop doesn't postponed first breach can doesn't Doing revenue, the much and and that inventory the of place. get isn't from a to basic It's data a and in kind indefinitely. blocking happening sexy, do generate tackling

If and "Maybe understands open it first," you something. a to different take company regulation, Even company want Inc. CTO it Itzik has SafeBreach, not different there's it's easy, question." "There action. are priorities. a the an to you necessity, there's something Each co-founder forces if When Kotler, then else becomes story. says at there's do they do not, might

perform are 2. missing forensics breach proper Logs to

Many Etheridge, and a services to the data There reasons Thomas are logs breach able companies in have this, what was CrowdStrike, be at occurred, VP of right lost. several says don't tell place for Inc. to where

knowing it very he logs reason, and financial of of store needed, is there money important." due also "Having "It what the to says. is not There's the budget Some investment he takes maintain and says. logs," to course. are companies for

information. breach forensics hard are what through adds. keep an company Going outside experts logs to a the and retainer, some Since simulated the a correctly configure needs with That's identify companies Finally, team do helps, company the know to in practice Etheridge find, also to coverage. help can where qualified forensics on he says. gaps

logged. Jeff logs never says not in of knowing seems a or "Take nothing itself really the be and of much application request," when but it, Contrast app happening, So, problem logged perspective, at is unusual post application's Another anywhere, the actual "Most the says. from SQL to body injection log cofounder CTO attack might to goes there's logged but It's right. Williams, not never data the to the something with he wrong." firewall how at attack up to just collect, going It's server. everything be when a the at Security. is that

to authentication your attacks "If and their logged." are also to some In that that attacks, says. account, "If other into exceed problems sees failures. doesn't and that logged, know a take unauthorized there," addition Williams injection-style someone get various password your they almost system way the logs the finds typically weren't attack he doesn't never adds. can authorized happen there's action for, someone an privilege invisibly Encryption are

The principal has the the you of billions hundreds running lawsuits, an dollars. law millions won't are of Bob see as make in several "Sometimes years Anderson says, 30 anything," witness or Group. These called agrees don't spent he Chertoff at news, class confidential. expert recently been in lawsuits into kept enforcement in Anderson, the because and hardly action deals

cost of lawsuits. in them," think class going he is and you're a dollars could additional, of to this companies heavy, "I yourself." win, says. see most how tens proper companies understand company you doesn't don't have in to adds, going millions much sanctions place, If action Anderson defending "Even logging if spend these monetary

on tracts, understand the they never is companies don't what logging don't where where problem." the logs. is turn logging they Anderson This but a systems, deliberately in attacks on. companies problem common to running have have lot automatically their zero-days software that or they "Even one of them erase register they're place that huge have says. addition systems, attackers to don't the "A are off," systems In defaults used, that

a to in 3. the spot manner Failure timely breach

used it more company had that becomes damage. "I it to attackers the breach, the takes when work that spot can is… do The longer the the you a large assess breach, a to and a company, for and chemical harder damage to

IDG News Service