If you worry that you’re too pessimistic, wait until a warning sign pops up on your dashboard—whether it’s in your car or on the company network. Those moments make reckless optimists of us all, convinced that the problem will fade away like last night’s heartburn. Even though that approach may not actually work, it’s usually more convenient in the short term than wading into a vague problem with invisible tentacles. But the next time unusual network activity sets your Spidey Sense atinglin’, remember this: Most data breaches get more expensive with each passing day.
Despite that, most companies take days to send up the infosec distress flare. That’s why Pratum’s incident response team keeps its calendar open on Friday afternoons. Nearly every week, we get a distress call as IT teams realize they’d better not let things stretch into the weekend. A typical call to our breach hotline (515-212-6634) sounds like this:
“I saw this suspicious login activity on Tuesday, but I took care of it. Then it happened again on Wednesday, so I fixed it again. But it seems like it’s still going on, so can you take a look at it? Before 5:00 today?”
Hackers Favor Delayed Strikes
Pratum’s team stands by 24/7, but, for your sake, they’d rather you make the call sooner. “The problem is a lot less severe if it hasn’t grown for several days,” says Pratum’s Director of Security Operations Megan Soat.
Hopefully, this fact comes to mind the next time you discover a breach “as soon as it happened”: By the time you notice a breach, the hacker has already been at work on your system for some time—probably a long time. An IBM study shows that, on average, American companies take 186 days to detect a data breach and another 51 days to fully contain it. (As you would expect, breaches caused by malicious attackers covering their tracks take longer to detect than glitches or user errors.) A massive breach of Starwood Hotels discovered in 2018 had gone undetected for four years.
And hours count on data breaches like minutes count on ambulance calls. IBM’s study shows that organizations that keep the detection/containment window under 200 days save an average of $1.2 million.
The Price of Waiting
Some of a breach’s costs are clearly measurable (such as the price to restore data), and others may be harder to spot (such as the average 5% stock price drop among breached public companies). Costs that can pile up during a delay include:
- Lost business operations time – Obviously, the longer you take to fix a problem, the longer it takes for everyone to get back to their day jobs.
- Ongoing damage – Many attacks spread in clever ways even after you block the original problem. Megan points to attacks involving an Office 365 system. “A lot of teams don’t look at the e-mail forwarding rules,” she says. “So malware may have automatically sent itself all over your system, which means the bad guys still have access after you think you’ve fixed the issue. An IT team may think they’ve solved it but lack the expertise to verify that.” Similarly, irony-loving hackers may exploit your automated backup system to spread their work via the very tool you use to protect your data. One of a cybersecurity pro’s biggest services is verifying that the problem is truly eliminated. “Even if you think you have it solved, it could be weeks or months before something else pops up if you don’t have it verified by someone who knows what they’re doing,” Megan says.
- Fines – Breach notification laws typically specify the timeframe in which you must notify affected parties that their information has been compromised. That window is frequently as short as 72 hours. So taking most of a work week to sort things out could use up your allotted time and incur fines.
- Breach of contracts – In time-sensitive industries such as logistics, a compromised system could mean you miss critical deadlines and break contracts, costing you revenue in the short term and entire contracts in the long term.
- Lost customer trust – Here’s a case where the cover-up can look worse than the crime. If word gets out (either through a legally required notification or simple industry gossip) that you dragged your feet in dealing with a breach, many customers will lose confidence in your security process and overall decision making and transparency. That’s why 71% of Chief Marketing Officers say loss of brand value is a breach’s biggest cost. “If it’s something they have to notify on,” Megan says, “it looks a lot better if they’ve involved someone from the beginning. How do you show clients that you took it seriously? Call in a security firm right away.” (Pratum Breach Hotline: 515-212-6634)
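The forwarding-rule check mentioned under "Ongoing damage," as an added example (not Pratum's code): a script that reads inbox rules exported to JSON and lists the ones that forward or redirect mail outside the organization. The field names follow Exchange Online's Get-InboxRule output; the export layout, the INTERNAL_DOMAINS value and the sample rules are assumptions constructed for illustration.

```python
import json
import re

# Assumption: the organisation's own mail domains; every other domain is external.
INTERNAL_DOMAINS = {"example.com"}
# Rule actions that send mail elsewhere (property names from Get-InboxRule output).
FORWARD_FIELDS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
SMTP_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

# Constructed sample export, not real data.
SAMPLE_EXPORT = json.dumps([
    {"MailboxOwnerId": "carol", "Name": "old", "Enabled": False,
     "RedirectTo": ['"x" [SMTP:drop@mailbox.test]'], "DeleteMessage": False},
    {"MailboxOwnerId": "bob", "Name": "Team copy", "Enabled": True,
     "ForwardTo": ['"Carol" [SMTP:carol@example.com]'], "DeleteMessage": False},
    {"MailboxOwnerId": "alice", "Name": "Invoices", "Enabled": True,
     "ForwardTo": ['"a.archive" [SMTP:a.archive@mailbox.test]'], "DeleteMessage": True},
    {"MailboxOwnerId": "dave", "Name": "Newsletter", "Enabled": True,
     "ForwardAsAttachmentTo": "news@partner.test", "DeleteMessage": False},
])

def external_targets(rule):
    """Return the sorted external addresses a rule forwards or redirects to."""
    found = set()
    for field in FORWARD_FIELDS:
        values = rule.get(field) or []
        if isinstance(values, str):  # a single recipient may export as a bare string
            values = [values]
        for value in values:
            for match in SMTP_RE.finditer(value):
                if match.group(1).lower() not in INTERNAL_DOMAINS:
                    found.add(match.group(0).lower())
    return sorted(found)

def audit_rules(export_json):
    """List rules with external targets; enabled rules that delete the original first."""
    findings = []
    for rule in json.loads(export_json):
        targets = external_targets(rule)
        if targets:
            findings.append({"mailbox": rule.get("MailboxOwnerId"),
                             "rule": rule.get("Name"),
                             "enabled": bool(rule.get("Enabled")),
                             "hides_mail": bool(rule.get("DeleteMessage")),
                             "targets": targets})
    findings.sort(key=lambda f: (not f["enabled"], not f["hides_mail"]))
    return findings

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_EXPORT):
        print(finding)
```

A disabled rule still appears in the findings, since it shows that someone created an external forward at some point and is worth tracing back to its creation date.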
What To Do Next Time
Before you face the next suspected breach, consider taking these steps so you’re ready to extinguish problems as soon as you know about them:
- Create a business continuity/disaster recovery plan – You’ll be way ahead if you’ve developed a response plan in a clear, calm mindset so that you don’t have to scramble for next steps when a stressful event drops on you. Reach out to us for a template you can use to get started.
- Consider an information security retainer – Signing a contract in advance makes it easy to bring a consultant into the situation. You won’t have to explain your system under the pressure of a breach, and the consultant can let you know in advance what data you should be tracking so they can help you when the time comes. Plus, if you establish a retainer with a set number of hours per year, you’ll have the service built into your budget, which means your boss won’t worry about using the service you’ve already paid for.
- Call our hotline for a quick opinion – Even if you’ve never worked with us before, we’ll provide an initial read on what you’re facing. “We don’t charge for the first call to find out what’s going on,” Megan says. “And we’re willing to tell people if they don’t need our help.”
To learn more about how Pratum can help minimize the damage and costs the next time a hacker comes calling, contact us today.