A data breach is an intentional or unintentional exposure of sensitive and confidential personal or financial data to an untrusted environment.
Data breaches occur when cyber criminals break into a company or online service and steal the private information of its customers or users. This information can range from personally identifiable information, such as names, social security numbers and addresses, to directly harmful information, such as credit card numbers and bank accounts. Other data can include intellectual property, trade secrets or other privileged information.
The real cost of a data breach is very hard to quantify, but the introduction of the General Data Protection Regulation (GDPR) across the European Union has added a regulatory penalty to the cost of a breach of up to 20 million Euros or 4% of annual global turnover.
Some publicly available numbers include:
In addition to the direct financial cost of a data breach, organizations need to factor in the indirect costs of loss of trust with customers, partners, employees, authorities and other stakeholders. A data breach can therefore have long-term impacts far outliving the immediate time scale related to resolving the situation.
Most data breaches originate from phishing or other social-engineering attacks, rendering traditional perimeter-based defenses ineffective. With the move to cloud, the situation gets even more complex. There are a number of ways in which businesses and individuals can reduce the likelihood of a data breach. These include investing in
Modern-day breach detection strategies commonly rely on gathering and aggregating streams of endpoint and network traffic data, processing and analyzing the data as it arrives, and storing the data in a centralized location for subsequent analysis and audit purposes. Incoming data is processed by algorithms that may include hand-written rules and machine learning models. As new tactics, techniques, and procedures (TTPs) and their indicators of compromise (IoCs) are discovered, detection logic is updated, and may be run against historical data in order to confirm that any newly discovered attack vectors weren’t missed.
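The pipeline described above, reduced to its essentials, as an added illustration (this is not code from the original article or from F-Secure Countercept): endpoint events arrive one at a time, are written to a central store, and are evaluated against the current rule set; when a new IoC is learned, the new rule is registered and immediately re-run over the stored history. The telemetry, host names, the 203.0.113.7 destination (a TEST-NET-3 documentation address) and the placeholder encoded command line are all constructed for the example; the ATT&CK references in the rule descriptions are technique labels only.

```python
"""Minimal streaming detection pipeline with retro-hunting (added example, constructed data)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

Event = Dict[str, Optional[str]]

# Constructed endpoint process-creation telemetry. 203.0.113.7 is a documentation
# address standing in for a "known bad" destination; the -enc payload is a placeholder.
SAMPLE_EVENTS: List[Event] = [
    {"ts": "2024-01-10T09:00:01Z", "host": "ws-01", "user": "alice", "process": "outlook.exe",
     "parent": "explorer.exe", "cmdline": "outlook.exe", "dst_ip": None},
    {"ts": "2024-01-10T09:02:14Z", "host": "ws-01", "user": "alice", "process": "winword.exe",
     "parent": "outlook.exe", "cmdline": "winword.exe /n invoice.docm", "dst_ip": None},
    {"ts": "2024-01-10T09:02:20Z", "host": "ws-01", "user": "alice", "process": "powershell.exe",
     "parent": "winword.exe", "cmdline": "powershell.exe -nop -w hidden -enc <BASE64_PLACEHOLDER>",
     "dst_ip": None},
    {"ts": "2024-01-10T09:05:00Z", "host": "srv-02", "user": "svc_backup", "process": "backup.exe",
     "parent": "services.exe", "cmdline": "backup.exe --full", "dst_ip": "10.0.0.5"},
    {"ts": "2024-01-10T09:07:33Z", "host": "ws-03", "user": "bob", "process": "chrome.exe",
     "parent": "explorer.exe", "cmdline": "chrome.exe", "dst_ip": "203.0.113.7"},
]


@dataclass
class Rule:
    name: str
    technique: str                      # free-text TTP reference for the analyst
    match: Callable[[Event], bool]      # hand-written rule; a model's predict() fits here too


@dataclass
class Alert:
    rule: str
    technique: str
    event: Event
    retro: bool = False                 # True when found by re-running a rule over history


@dataclass
class DetectionPipeline:
    rules: Dict[str, Rule] = field(default_factory=dict)
    store: List[Event] = field(default_factory=list)    # central store for audit / retro-hunts
    alerts: List[Alert] = field(default_factory=list)

    def ingest(self, event: Event) -> List[Alert]:
        """Store an arriving event, then evaluate every current rule against it."""
        self.store.append(event)
        fired = [Alert(r.name, r.technique, event) for r in self.rules.values() if r.match(event)]
        self.alerts.extend(fired)
        return fired

    def add_rule(self, rule: Rule, retro_hunt: bool = True) -> List[Alert]:
        """Register new detection logic and, by default, re-run it over stored history."""
        self.rules[rule.name] = rule
        if not retro_hunt:
            return []
        found = [Alert(rule.name, rule.technique, ev, retro=True)
                 for ev in self.store if rule.match(ev)]
        self.alerts.extend(found)
        return found


OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}


def office_spawns_shell(ev: Event) -> bool:
    """Office application launching a scripting host: a common phishing follow-on."""
    return ((ev.get("parent") or "").lower() in OFFICE_APPS
            and (ev.get("process") or "").lower() in SHELLS)


def encoded_powershell(ev: Event) -> bool:
    """PowerShell started with an encoded command, a classic obfuscation indicator."""
    return ((ev.get("process") or "").lower() == "powershell.exe"
            and " -enc" in (ev.get("cmdline") or "").lower())


def initial_rules() -> List[Rule]:
    return [
        Rule("office_spawns_shell", "T1566 Phishing -> T1059 scripting", office_spawns_shell),
        Rule("encoded_powershell", "T1059.001 PowerShell", encoded_powershell),
    ]


def ioc_rule(bad_ips: set) -> Rule:
    """Turn newly received network IoCs (destination IPs) into a rule."""
    return Rule("known_bad_destination", "C2 / exfiltration IoC",
                lambda ev: ev.get("dst_ip") in bad_ips)


def run_demo():
    """Live processing with the initial rules, then a retro-hunt for a new IoC."""
    pipe = DetectionPipeline()
    for r in initial_rules():
        pipe.add_rule(r, retro_hunt=False)          # nothing stored yet, no history to scan
    live = [a for ev in SAMPLE_EVENTS for a in pipe.ingest(ev)]
    retro = pipe.add_rule(ioc_rule({"203.0.113.7"}))  # new intel: scan what already arrived
    return pipe, live, retro


if __name__ == "__main__":
    _, live_alerts, retro_alerts = run_demo()
    for a in live_alerts + retro_alerts:
        print(f"{'RETRO' if a.retro else 'LIVE '} {a.rule:<22} {a.event['host']} {a.technique}")
```

The two initial rules fire only on the third event (Word launching an encoded PowerShell on ws-01), while the IoC added afterwards is found retrospectively on ws-03, which is exactly the "run against historical data" step: without the central store, that earlier connection would have been missed.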
F-Secure Countercept is a modern MDR service based on the principle of assumed breach. In practice, this means that the F-Secure Countercept threat hunting team works on the basis that traditional security controls are ineffective against modern threats, and actively researches new, previously unknown intrusion vectors. Countercept provides continuous security monitoring of customer environments, including cloud environments such as Office 365 and Azure AD, for the presence of new TTPs. Upon detection of an intrusion, Countercept moves to incident response mode to prevent data exfiltration.