Data breaches

A data breach is an intentional or unintentional exposure of sensitive and confidential personal or financial data to an untrusted environment.

Data breaches occur when cyber criminals break into a company or online service and steal the private information of its customers or users. This information can range from personally-identifiable information, such as names, social security numbers and addresses, to directly harmful information, such as credit card numbers and bank accounts. Other data can include intellectual property, trade secrets or other privileged information.

The real cost of a data breach is very hard to quantify, but the introduction of the General Data Protection Regulation (GDPR) across the European Union has added a regulatory penalty to the cost of a breach of up to 20 million Euros or 4% of annual global turnover.

Some publicly available numbers include:

1. In May 2019, Equifax claimed the ultimate cost of its 2017 data breach had reached $1.352 billion , outstripping its cyber security insurance coverage of $125 million several times over.
2. British Airways was eventually fined £20 million following a breach that exposed the data of hundreds of thousands of customers.
3. TalkTalk SQL injection attack: £60m and more than 100,000 customers.
4. The UK Information Commissioner’s Office (ICO) fined Marriott Hotels £18.4 million for a breach of its Starwood Preferred Guest loyalty program which exposed up to 339 million personal records.
5. Target - $18.5m settlement cost with individual US States.
6. Verizon lowered its bid for Yahoo! By $350 million following disclosure of two separate breaches.

In addition to the direct financial cost of a data breach, organizations need to factor in the indirect costs of loss of trust both with customers, partners, employees, authorities and other stakeholders. A data breach can therefore have long-term impacts fat outliving the immediate time scale related to resolving the situation.

Most data breaches originate from phishing or other social engineering related attacks, rendering traditional perimeter-based defenses ineffective. With the move to cloud, the situation gets even more complex. There are a number of ways in which businesses and individuals can reduce the likelihood of a data breach. These include investing in

• Physical security of the premises where the data is held
• User training and security awareness
• Endpoint protection
• Improving detection of intrusions and data exfiltration by deploying Endpoint Detection and Response or Managed Detection and Response.

Modern-day breach detection strategies commonly rely on gathering and aggregating streams of endpoint and network traffic data, processing and analyzing the data as it arrives, and storing the data in a centralized location for subsequent analysis and audit purposes. Incoming data is processed by algorithms that may include hand-written rules and machine learning models. As new tactics, techniques, and procedures (TTPs) and their indicators of compromise (IoCs) are discovered, detection logic is updated, and may be run against historical data in order to confirm that any newly discovered attack vectors weren’t missed.

F-Secure Countercept is a modern MDR service based on the principle of assumed breach. In practice, this means that F-Secure Countercept threat hunting team work on the basis that traditional security controls are ineffective against modern threats, and actively research new, previously unknown intrusion vectors. Countercept provides continuous cloud security monitoring for customer environments including their cloud environments such as Office 365 and Azure AD for presence of new TTPs. Upon detection of an intrusion, Countercept moves to incident response mode to prevent data exfiltration.