Security breaches and breakdowns have become an unfortunate fact of life. With the average cost of a security breach reaching $4.24 million, it’s critical to find ways to automate detection and ratchet up protection. What’s more, any breach detection and remediation framework must support a growing array of regulatory obligations, such as GDPR, CCPA, HIPAA, PHI and PCI.
Yet, the path to progress can prove bumpy. Discovering and managing data across growing multi-cloud frameworks, SaaS applications and self-managed data and apps is difficult. Today, it’s necessary to have an intelligent breach response framework that can quickly identify sensitive data and automate a response process. This includes robust reporting and data mapping capabilities, and the ability to visualize data to deliver deeper insights.
Also see: The Successful CISO: How to Build Stakeholder Trust
Beyond the Breach
It isn’t surprising that many organizations struggle to deal with data breaches effectively. The sheer scope of a breach can be enormous.
This includes knowing who is affected by an incident (sometimes referred to as the breach radius) along with the impact of the breach, which regulatory authorities and rules intersect with the event, and whether the response—including notifications—complies with regulations and minimizes the risk of future problems and penalties.
The ensuing chaos can prove devastating. For example, it isn’t unusual for an organization to have data scattered across dozens of cloud services and SaaS applications. This might include AWS RedShift, Athena and DynamoDB; Azure Blobs and Azure SQL Database; and Google Cloud Storage and BigQuery. Elements might also extend into Oracle platforms, SaaS tools such as Salesforce, Slack and Workday, and various self-managed tools, apps and data warehouses.
Without an accurate inventory of assets and a clear view of how data flows, it’s impossible to identify the entire attack surface and know what data was affected by a breach. This, in turn, undermines the remediation process. Typically, organizations require advanced metadata such as:
- Instance properties.
- Data owners.
- Information about who has access to various assets.
- Data retention policies.
- Any kind of cross border transfers that are taking place.
- The associated contract clauses or data protection mechanisms.
But the challenges don’t stop there. An organization must also understand what type of data is processed or stored within various assets and repositories. This includes whether data is encrypted or unencrypted, whether it’s sensitive biometric or personal data, and what regulatory category it falls into, including PHI, PCI, HIPAA or GDPR. An enterprise must have a way to discover and classify all this data, inform the response team, and track progress as the resolution process unfolds.
To be sure, there’s a need to manage data discovery across structured and unstructured systems, build visualizations and graphs across all affected systems, and view a map with each shred of personal information. What’s more, it’s necessary to extract and analyze data subject types and data element types along with clear-text personally identifiable information (PII) of each impacted user by jurisdiction.
Also see: Best Website Scanners
Key Steps to Manage or Prevent Data Breaches
One of the most common problems for organizations after a breach is pulling together all the elements required for an effective response. This includes discovering specific personal data elements that were compromised or stolen, including in unstructured systems, identifying actual risks, and matching everything to particular jurisdictions and analyzing the actual risk.
Meanwhile data silos must be assembled into a complete picture—quickly and effectively. Here artificial intelligence and machine learning can spot patterns that humans can’t see. This includes delivering reliable information for navigating the breach and notifying those affected by it based on regional context.
Here are some key steps to effectively manage or prevent data breaches:
- Generate a report that clearly displays all compromised accounts, individuals and data. For individuals, this includes personal contact information that’s needed to deliver accurate and timely notifications.
- Identify regulatory obligations.
- Use templates to generate accurate breach notifications in a timely manner. These must reach across jurisdictions and regulatory authorities.
- Make sure to use secure messaging capabilities to share information and incident status between incident owners and those reporting events.
- Simulate and test breach and incident risk assessments, and response processes before a breach takes place.
By combining and automating all the elements required to handle a breach—and breach notifications—it’s possible to gain control over potentially devastating events. While there’s no way to completely sidestep the danger of a breach, it is possible to manage it in the best possible way.
About the Author:
Vivek Kokkengada, VP of Products, Securiti