How to beat a data breach

Breaches are bound to happen – so how do organisations prepare for the worst? Takeaways from Code42’s CTRL-Z study

This is a contributed piece by Rick Orloff, CSO at Code42


“Never mind, it happens to the best of us…” Most of us have been on the receiving end of this particular phrase at some stage in our lives. It usually follows a particularly galling mistake or misfortune, and when delivered half-heartedly, it does not always offer much consolation. But from a cyber security perspective, the phrase does ring true.

Over the last few years, it has become evident that cyberattacks do happen to the best of us. In fact, according to Code42’s recent CTRL-Z study, 34 percent of IT decision makers (ITDMs) believe their organisations will suffer a breach that will go public in the next 12 months! Whilst some of these breaches may be the result of negligence, the vast majority of organisations have implemented defensive security measures to protect their data. And they have ended up being breached anyway.

Unfortunately, the current climate is such that the evolution of malware strains means it is unfeasible for antivirus solutions to identify and block all threats, every single time. And even with the best antivirus solution in the world in place, a business’ security is reliant, at least to a certain extent, on its people, and people are fallible. Given that sophisticated, targeted phishing attempts, known as ‘whaling’ or spear phishing, are being aimed at senior business executives with increasing frequency, you can imagine that it would only take a momentary lapse of concentration to be caught out.

So, if we accept that breaches really do happen to the best of us, the pertinent strategic question shifts from “how do you prevent a cyberattack?” to “how do you prepare for a cyberattack?” If your company is unlucky enough to be hit with a strain of ransomware such as the recent WannaCry and GoldenEye attacks, sensitive company data will be encrypted and lost. And, without an endpoint recovery solution in place, there will be no “CTRL-Z/CMD-Z” or any other option available to undo the damage.

The good news is that, with proper preparation, this worst-case scenario is entirely avoidable...


You must learn quickly

“You live and learn” is another conciliatory phrase that is often bandied about in the event of a disaster. Of course, it absolutely makes sense not to repeat past errors — but in business it pays to learn quickly. The longer it takes for your company to recover from a data breach, the more severely profits will be impacted. One of the ways that organisations can minimise the lag time between breach and recovery is to ensure that strategy and priorities are aligned across the wider business.

Often, there is a disparity between the priorities of business decision makers (BDMs) and ITDMs when it comes to securing sensitive corporate information. Given their differing areas of expertise and focus, this is not entirely surprising. Our CTRL-Z study shows that BDMs believe that their IT teams/companies invest most in datacentre security (54 percent), antivirus (53 percent) and backup (40 percent). However, ITDMs reveal they spend most on security analytics platforms, endpoint backup and endpoint data loss prevention tools.

This disjointed understanding can be problematic for the business, because it means that senior business executives, who will often be handling mission-critical data, are likely to believe that something is protected, when in fact it is not. Of course, bridging this particular knowledge gap could not be simpler: it consists of regular dialogue between IT and wider business teams.


You must be able to find the data

In addition, visibility over the whereabouts of information within the organisation is essential. Our study also reveals that 64 percent of BDMs do not disclose the location of important corporate data to their IT security teams. In addition, IT admits that it cannot always track data across the enterprise. This lack of visibility and information sharing can be incredibly dangerous in the event of a breach — leading to the potential permanent loss of critical data.

In order to secure the modern enterprise, the IT department must have the ability to monitor the location and flow of data across the entire IT environment. It is still important to have a first line of defence in place, consisting of antivirus and firewall solutions, but a focus on recovery and resilience is also critical. After all, it is a strong recovery system that will allow the enterprise to bounce back from a breach in a matter of hours, rather than days. Overall, it is this capability which will most affect the bottom line.