Five Important Steps to Contain a Data Breach

Five Important Steps to Contain a Data Breach

10 September 2019

Five Important Steps to Contain a Data Breach

 

 

 

 

 

Acting quickly to a data breach makes a big difference.  But how do you know that a data breach is happening?  The meantime it takes companies to identify a breach is 197 days, and it takes them another 69 days to contain it, according to Ponemon Institute’s 2018 Cost of a Data Breach study.  Companies that take over 30 days to contain a breach pay more than $1 million more than those who are able to shut it down faster.

The enterprise move to the cloud shows no signs of slowing.  By 2020, 83 percent of enterprise workloads are expected to be hosted in the cloud.

It’s easy to see why.  Using the cloud lessens the burden on IT departments, freeing them to develop new products and services (often in the cloud).  It gives today’s workers the 24/7 access they demand.  Cloud services create new efficiencies, drive innovation, and lower costs.

But the cloud also provides new opportunities for another class of people—the cyberthieves who lurk in the dark corners of the web.  Attacks are increasing, both in prevalence and disruptive potential.  Cyber breaches have almost doubled in the past five years, according to the World Economic Forum, which now lists cyberattacks as third on its list of top global risks.

Without a doubt, cybercrime has become big business.  The odds that your company will be breached within the next 24 months are greater than 1 in 4—27.9 percent, to be exact, according to the Ponemon study. By the time you find the problem, fix your systems, notify everybody, and pay fines, you’ll be out an average of $3.86 million (in the U.S., it’s $7.91 million).

The longer it takes you to discover the breach, the more you’ll pay.  Once malicious actors have wormed their way into your company’s systems through phishing, malware, or social engineering, cybercriminals often spend months learning the ins and outs of your databases before they decide what to steal. Then they may exfiltrate data slowly, hoping you won’t catch them in the act.  And, all too often, they get away with it.

There are many angles from which to approach cybersecurity, but one of the most comprehensive and highly-rated methods is found is the National Institute of Standards and Technology (NIST) Cybersecurity Framework.

The NIST framework is simply a voluntary set of best practices developed to help keep organizations safe.  It has gained wide acceptance in both the business and government sectors.  More than 30 percent of organizations are using the NIST framework, and use is predicted to rise to 50 percent by 2020, according to Gartner.  NIST standards are also being adopted by all U.S. federal government agencies.

To learn more about the five ways to contain a data breach quickly, visit the NIST Cybersecurity Framework website.