
How to Detect Data Breaches Fast

Organizations face a 29.6% chance of experiencing a data breach in the next 2 years. 

These are the odds that no one can afford to overlook, especially as cybercriminals are expanding their efforts to leverage real-world incidents, like the COVID-19 pandemic, as external attack vectors.

Most cybersecurity experts agree that security breach attempts are inevitable for any organization with a digital footprint—and while blocking every attempt is the obvious (and unrealistic) ideal, detecting a breach as early as possible is a company’s best chance at minimizing damage and costs.  

There are a number of emerging data sources and search tools that are helping enterprise security teams more efficiently catch data breaches early on. But before we get into these solutions, what do data breach risks currently look like?

Data Breaches: Current Trends

If one thing can be gathered from recent industry reports, it’s that data breaches have blown up in the last two years. According to IBM’s 2020 X-Force Threat Intelligence Index, over 8.5 billion records were leaked in 2019—a more than 200% increase from 2018.

What’s more, threat actors are adapting their usual course of targets. Media, education, and government all notably increased as targets in 2019, and retail moved up to the number two most targeted industry, only slightly behind the financial sector. These targets are expected to shift more in the direction of government, work-from-home staff, and healthcare over the next year as a result of the coronavirus pandemic and associated cyber threats.

Organizations can also expect to spend an average of USD $3.92 million per breach (or USD $8.19 million in the United States), according to IBM and Ponemon Institute’s 2019 Cost of a Data Breach Report.

Considering that the average breach size consists of a “modest” 25,575 records, these costs could escalate quickly with mega breaches and fines for violating newer, evolving privacy laws like the GDPR.

Why Early Detection Matters

IBM’s analysis of breach incidents over the last couple of years has shed light on the value of breach response times. Minimizing a breach’s lifecycle (the time to detect and contain a breach from the initial incident) has a massive impact on the damage an organization incurs, whether financial, reputational, or to its network security and infrastructure.

It takes compromised companies an average of 206 days to detect an attack and 73 days to contain it. This means that your organization’s sensitive data could be vulnerable for almost 7 months before you’re even aware. 


Longer lifecycles (those over 200 days) are also 37% more expensive, on average, than breaches with lifecycles of under 200 days. This could mean millions more in financial losses for a company—many of which are already struggling with the economic downturns we’re seeing in 2020.

The longer it takes your organization to detect a breach, the more time threat actors have to impact customer, employee, and stakeholder data security. If your first signal of a breach is a customer complaint—or worse, the news—this could also have significant, lasting impacts on your company’s brand and reputation.

Customer account breach discovered on Pastebin (as seen in Beacon), crawled within minutes of being published. Breached credentials include app login emails, passwords, and credit card numbers.

Where to Detect Early Breach Indicators


So how do security teams stay alerted to new breach incidents faster?

Some cybersecurity tools and services on the market are designed to help organizations recognize unusual system activities that could indicate the first signs of a breach. However, not every company scans their systems for these alerts—and if they do, some advanced hacking techniques (such as “living off the land” tools) can still go undetected.


Alternatively, the best places to look for early breach indicators are hidden online communities where adversaries share, discuss, and sell leaked data. These include:

  • Paste sites, which are used for public and anonymous plain text sharing. While paste site activity is often innocuous, these sites are also frequented by malicious actors sharing leaked information such as email lists, passwords, and other personally identifiable information (PII).
  • Anonymized forums on the deep and dark web. These can be used similarly to paste sites, with users sharing leaked credentials or advertising their activities.
  • Dark web marketplaces. After a breach, attackers often monetize data on anonymized marketplaces, offering samples of breached data types and explicitly naming the target organization.

Customer database for sale on the dark web’s Empire Market discovered using Beacon. Leaked records include email addresses, usernames, and IP addresses.

How to Detect Data Breaches Faster

The problem with finding your organization’s credentials on these sites efficiently is that none of them are indexed by conventional search engines like Google—and navigating dark web networks for relevant data is likely to expose your team to further risk. In fact, many institutions, such as banks, prohibit navigating these networks on internal machines.

The solution is to use specialized data discovery tools that index hidden areas of the web. The Echosec Systems Platform allows users to search and filter the first signs of a breach, such as a company email domain, on the deep and dark web from the safety of their regular browser. 

The Platform has a breaches feature that allows organizations to search for their PII in a growing repository of over 10 billion leaked records. The feature makes breached data searchable within a few days of the initial incident so that companies can react faster and minimize damage and costs. 


Wildcard search for a company email handle in Beacon’s Breaches tab. The search discovered 69,080 leaked records associated with this email across a number of breach incidents.
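
The matching behind a company-domain search like this can be sketched in a few lines for text a team has already collected from a paste site. This is an added example, not Echosec or Beacon code; `example.com`, the sample paste, and all function names are constructed for illustration.

```python
import hashlib
import re

# Email, optionally followed by a ":" ";" or "|" separator and a secret (combo-list style).
EMAIL_RE = re.compile(r"([\w.%+-]+)@([A-Za-z0-9.-]+\.[A-Za-z]{2,})(?:\s*[:;|]\s*(\S+))?")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits):
    """Luhn checksum, used to drop order IDs and other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def in_org(domain, org_domain):
    """Exact domain or a true subdomain; rejects lookalikes that merely contain it."""
    domain = domain.lower()
    return domain == org_domain or domain.endswith("." + org_domain)

def triage_paste(text, org_domain):
    """Return findings for one paste without retaining plaintext secrets."""
    org_domain = org_domain.lower()
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for local, domain, secret in EMAIL_RE.findall(line):
            if not in_org(domain, org_domain):
                continue
            item = {"line": lineno, "account": f"{local}@{domain}".lower()}
            if secret:  # keep only a short fingerprint for de-duplication
                item["secret_fp"] = hashlib.sha256(secret.encode()).hexdigest()[:12]
            findings.append(item)
        for m in CARD_RE.finditer(line):
            digits = re.sub(r"\D", "", m.group())
            if luhn_ok(digits):
                findings.append({"line": lineno, "card_last4": digits[-4:]})
    return findings

# Constructed sample paste; example.com is a placeholder organization domain.
SAMPLE = """\
alice@example.com:Summer2020!
bob@mail.example.com | hunter2
carol@notexample.com:pass123
dave@example.com.evil.net:pw
visa 4111 1111 1111 1111
order 1234567890123456
"""
```

Calling `triage_paste(SAMPLE, "example.com")` flags lines 1, 2 and 5 only: the lookalike domains on lines 3 and 4 fail the subdomain check, and the order number on line 6 fails the Luhn check.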

The key to handling any crisis is speed-to-information, and data breaches are no exception. As cyberattacks grow in their volume and complexity, detecting breaches as early as possible is a security team’s best strategy next to blocking or preventing attacks altogether. 

Accessing hidden online networks and data breach repositories will be crucial for corporate cybersecurity as attack vectors evolve—both as a product of technology and of real-world crises like global pandemics.

Finding your company’s breached data is only a couple of clicks away.
Contact us to book a demo.