Information Governance Blog

information Governance
01.06.2020

Another Day, Another Breach

According to the latest Identity Theft Resource Center report, there was a 17% increase in reported US data breaches in 2019, over the 2018 data. More recently, due to Covid-19, the WHO has reported a fivefold increase in cyber attacks since this situation began.

Without acting in panic mode, organizations need to accept this new reality, that a data breach could be around the next corner. Whether it’s shoring up your defenses to protect your sensitive information, or putting an incident response system in place to act quickly in the case of a breach – here are the categories you need to check off your list.

Breach Notification – Who Should I Tell and When?

Your industry will have its own specific breach notification requirements that you need to follow. US healthcare organizations, for example, must alert the Dept of Health and Human Services within 60 days of Personal Healthcare Information compromise. If the breach affects more than 500 individuals, they must also alert a relevant Media outlet.  When it comes to GDPR in the EU, you have just 72 hours to let the relevant supervisory authorities know about a breach, while for payment card information in scope for the Payment Card Industry Data Security Standard, (PCI-DSS) – there is no obligation to let the public know at all.

Complicated, right? That’s why it’s essential that your data solution can do the following three things:

Identification: Finding sensitive data wherever it is held, in which geography, whether that’s on-premise, in the cloud, or any hybrid environment. Recognizing this data for what it is and where it is, even in places like email or exchange accounts, and being able to access information about it at the click of a button.


Classification & Labelling: Going further than simply identifying the data as sensitive, your business also needs to ensure that it has a strong understanding of what type of data it is holding, and what regulations apply to the specific content. As scope, jurisdiction and requirements vary between locations, industry and use case – this is impossible to handle manually.

Mapping: Important for considering requirements of scope, where is this data held, who owns it and who can access it. What are the lateral moves that attackers could make to escalate credentials or access more critical information elsewhere?

Incident Response – How Do I Find the Data Impacted?

The ability to quickly and accurately identify categories of sensitive or highly-regulated data across your network, and to see the records and documents that are impacted by a data breach in seconds – is mission critical to an effective, thorough and rapid incident response program.

The best solutions will allow you to perform automated and custom searches on your unstructured data, both on-premises and on the cloud. If a file has been viewed, copied or tampered with, this will show up on a search. Consider an email account breach. Email accounts and files, without automation technologies, would need to be checked manually for in-scope information or PI. This process would be resource-intensive and error-prone. Technology can make discovery fast, simple and efficient.

Outside of crisis mode, your business needs to automate risk assessment in a scalable way, reducing risk from an incident ahead of time with easy to read, sharable reports. This should map your risk by metrics such as size, risk level, extension, Azure Information Protection (AIP) label and named entities, allowing you to make intelligent changes to limit the risk of a breach.

Intelligent Investigation – How Can I Make Data-Driven Decisions?

From the moment an attacker makes it through your perimeter, the clock starts ticking. It’s widely accepted that the longer the dwell time, the more catastrophic the breach, and the more likely customer information becomes at risk. In some cases, like with GDPR – you have only days to disclose an incident before you start incurring additional fines or media scrutiny.

A tool that can accelerate and improve your network-wide incident response is invaluable here, allowing you to see at a glance which sensitive files have been tampered with, and perform rapid compromised account reviews to see what your next steps should be. In some cases, you might have caught the breach early enough to avoid sensitive PI being accessed, while in other cases – you may have to disclose the breach to the right authorities. This technology can give you the answers that you need quickly, to enable board-level decisions about what to do next.

The massive shift to remote work during the Covid-19 outbreak, has driven the digital transformation forward at exponential speed and with it an explosion of cyberattacks. Having a platform that automatically maps, classifies, virtually labels and monitors sensitive and regulated data within minutes definitely empowers organizations to proactively reduce risk.

Ask yourself, could your organization handle a high-profile data breach right now? Let’s schedule a demo and take that worry off your mind.