According to the IBM Security Cost of a Data Breach Report, the global average cost of a data breach in 2022 was £3.49 million. Although a data breach is usually associated with a cyber-attack in one of its many forms, it is not always the result of malicious activity. Either way, data breaches can hurt businesses and consumers in a variety of ways: not only are they costly, but a damaged reputation can take years to repair.
Why do data breaches occur?
As we become increasingly connected through our devices, there are more places for data to slip through. There is an assumption that a data breach always comes from an external hacker, but this is not the case. Errors in the setup and configuration of IT systems, and of the systems run by third-party suppliers, can expose information to unauthorised parties. Employees may accidentally or maliciously expose or delete data. Phones and laptops can be lost or stolen. In short, a data breach tends to result from weaknesses in user behaviour or in technology: common cloud misconfigurations; business email compromise (BEC), which usually begins with a successful phishing attack; and vulnerabilities in supply chains, which can lead to major data breaches across multiple organisations, affecting hundreds of thousands of partners, stakeholders and customers.
Below we explain some of the ways a business can protect itself against a data breach.
How to secure your systems from a data breach
Ensure your firewalls are turned on and correctly configured, and that you have endpoint security (anti-malware and anti-virus) installed on your devices.
One of the challenges that companies of all sizes now face is the dissolution of the defined network perimeter they used to secure, thanks to the ever-growing adoption of cloud services. Whilst these services give organisations greater flexibility, managing their security and the associated risks adds organisational complexity.
There is a common misconception that putting data in the cloud automatically makes it secure. The reality is not so straightforward. Cloud security follows a shared responsibility model: the vendor has responsibilities and so do you, especially if you are using infrastructure as a service (IaaS), where the operating system, network configuration, identities, access policies and data remain yours to secure.
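A concrete instance of the customer side of that shared responsibility is the storage bucket policy: the provider keeps the storage service running, but whether a bucket is readable by the whole internet is entirely down to the policy you attach. The following added example (not code from the original page or from any cloud vendor) scans S3-style bucket policies for the classic misconfiguration of an Allow statement granted to an anonymous, wildcard principal. The two policies are constructed for illustration (the account ID is the placeholder used in AWS documentation) and the classification rules are our own assumptions, not an AWS API.

```python
"""Added example: flag the common cloud misconfiguration of an S3-style bucket
policy that grants access to an anonymous principal. Policies are constructed
samples; the checking logic is our own, not a vendor API."""
import json

# Constructed sample: a bucket policy that makes every object world-readable.
PUBLIC_READ_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
    }],
})

# Constructed sample: the corrected policy, scoped to one IAM role, plus a Deny
# for non-TLS access. A Deny aimed at "*" is not a public-access finding.
RESTRICTED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AppRoleRead",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},
            "Action": ["s3:GetObject"],
            "Resource": "arn:aws:s3:::example-bucket/*",
        },
        {
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": ["arn:aws:s3:::example-bucket",
                         "arn:aws:s3:::example-bucket/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
})

# Constructed sample: wildcard principal narrowed by a Condition. Not public in
# the strict sense, but a reviewer should still look at it.
VPC_ONLY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": {
        "Sid": "VpcOnlyRead",
        "Effect": "Allow",
        "Principal": {"AWS": ["*"]},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
        "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}},
    },
})


def _principals(stmt):
    """Normalise the Principal field ("*", a list, or {"AWS": ...}) into strings."""
    principal = stmt.get("Principal")
    if principal is None:
        return []
    if isinstance(principal, str):
        return [principal]
    if isinstance(principal, list):
        return [str(p) for p in principal]
    flat = []
    for value in principal.values():
        flat.extend(value if isinstance(value, list) else [value])
    return [str(p) for p in flat]


def classify_statement(stmt):
    """'public' for an unconditional Allow to an anonymous principal,
    'conditional' when a Condition narrows it (needs manual review), else None."""
    if stmt.get("Effect") != "Allow" or "*" not in _principals(stmt):
        return None
    return "conditional" if stmt.get("Condition") else "public"


def scan_policy(policy_json):
    """Return [(Sid, verdict)] for every statement worth flagging in a policy document."""
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):      # a single statement need not be wrapped in a list
        statements = [statements]
    findings = []
    for stmt in statements:
        verdict = classify_statement(stmt)
        if verdict:
            findings.append((stmt.get("Sid", "<no Sid>"), verdict))
    return findings


if __name__ == "__main__":
    for name, policy in [("public", PUBLIC_READ_POLICY),
                         ("restricted", RESTRICTED_POLICY),
                         ("vpc-only", VPC_ONLY_POLICY)]:
        print(name, scan_policy(policy) or "no findings")
```

A check like this belongs in the pipeline that deploys bucket policies, alongside the provider's own guard rails (for S3, the account-level Block Public Access setting), rather than being run once by hand.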
Restrict access & permissions
Your network should be set up to recognise each user and each device using network access control (NAC), so that unauthorised devices get restricted access or none at all.
This principle should be taken further with role-based access control (RBAC): only allow employees access to the data they need to fulfil their role, and review their permissions as and when they move through the organisation. Alternatively, or in addition, you can link access to attributes of the worker such as function or location, known as attribute-based access control (ABAC).
Remember to change or remove access on every cloud platform when someone changes role or leaves your organisation. Unless you use a single sign-on (SSO) solution, each cloud or internet service holds its own accounts, so one platform missed during offboarding leaves a live account behind.
Authentication should be based on at least two of: something you are (e.g. a fingerprint), something you know (e.g. a password) and something you have (e.g. the code provided by an authentication token or app). Historically, organisations have focused on only one of these: the password. Read our advice on using password managers.
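The following added example (not code from the original page or from any product) shows RBAC and ABAC combined in a single access decision, together with the mover and leaver handling the paragraphs above call for. The role catalogue, the location rule and the users are constructed assumptions for illustration.

```python
"""Added example: a minimal role- and attribute-based access check with
joiner/mover/leaver handling. Roles, locations and users are constructed
for illustration and do not come from any real product."""
from dataclasses import dataclass, field

# Role -> set of (action, resource class). Constructed catalogue.
ROLE_PERMISSIONS = {
    "finance-analyst": {("read", "ledger"), ("export", "ledger")},
    "hr-admin": {("read", "personnel"), ("write", "personnel")},
    "engineer": {("read", "source"), ("write", "source")},
}

# Attribute-based constraint: which work locations may touch each resource class.
RESOURCE_LOCATIONS = {
    "personnel": {"london"},                      # personnel records stay on site
    "ledger": {"london", "manchester"},
    "source": {"london", "manchester", "remote"},
}


@dataclass
class User:
    name: str
    location: str
    roles: set = field(default_factory=set)
    active: bool = True


def authorised(user, action, resource):
    """RBAC first (does any held role grant the action on this resource class?),
    then ABAC (is the user's location allowed for it?). Deactivated users never pass."""
    if not user.active:
        return False
    role_ok = any((action, resource) in ROLE_PERMISSIONS.get(r, set()) for r in user.roles)
    location_ok = user.location in RESOURCE_LOCATIONS.get(resource, set())
    return role_ok and location_ok


def move_role(user, new_role):
    """Mover: replace the role set rather than adding to it, so nothing accumulates."""
    user.roles = {new_role}


def offboard(user):
    """Leaver: deactivate and strip every role, so a lingering session grants nothing."""
    user.active = False
    user.roles.clear()


def access_review(users):
    """Periodic review: names of users holding more than one role, or a role that
    is no longer in the catalogue. Both are the usual signs of privilege creep."""
    flagged = []
    for user in users:
        unknown = user.roles - set(ROLE_PERMISSIONS)
        if len(user.roles) > 1 or unknown:
            flagged.append(user.name)
    return flagged


if __name__ == "__main__":
    alice = User("alice", "london", {"finance-analyst"})
    print("alice reads ledger:", authorised(alice, "read", "ledger"))
    move_role(alice, "engineer")
    print("alice reads ledger after move:", authorised(alice, "read", "ledger"))
    offboard(alice)
    print("alice reads source after leaving:", authorised(alice, "read", "source"))
```

The point of `move_role` replacing rather than adding is the one most often missed in practice: a mover who keeps their old entitlements ends up with the union of every role they have ever held.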
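The "something you have" factor from an authenticator app is a time-based one-time password (TOTP, RFC 6238), and it is small enough to show in full. The following added example (not code from the original page) implements generation and verification with only the Python standard library. The secret is the published RFC 4226/6238 test vector; the acceptance window and the replay check are our own design choices, not part of the RFC.

```python
"""Added example: RFC 6238 TOTP ('something you have') generation and
verification using only the standard library. RFC_SECRET is the RFC 4226/6238
test vector; the window and replay handling are our own choices."""
import base64
import hashlib
import hmac
import secrets
import struct

TIME_STEP = 30     # seconds per code, the value authenticator apps assume
DIGITS = 6

# RFC 4226 / 6238 test secret (ASCII "12345678901234567890"): constructed input.
RFC_SECRET = b"12345678901234567890"


def generate_secret(nbytes=20):
    """Enrolment: a random 160-bit secret, base32-encoded for the user's app."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode()


def hotp(secret, counter, digits=DIGITS):
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, now, step=TIME_STEP):
    """What the user's app displays at Unix time `now`."""
    return hotp(secret, int(now) // step)


def verify_totp(secret, code, now, window=1, last_used=-1):
    """Server side. Accept `code` if it matches the current step or one within
    +/-window steps (clock drift), and only if that step is newer than the last
    accepted one, so a captured code cannot be replayed inside the window.
    Returns the matched step number, or None."""
    step = int(now) // TIME_STEP
    for candidate in range(step - window, step + window + 1):
        if candidate <= last_used:
            continue
        # Constant-time comparison: do not leak which digits matched.
        if hmac.compare_digest(hotp(secret, candidate), code):
            return candidate
    return None


if __name__ == "__main__":
    print("code at T=59:", totp(RFC_SECRET, 59))          # 287082 per RFC 6238
    print("accepted step:", verify_totp(RFC_SECRET, "287082", 59))
    print("replayed:", verify_totp(RFC_SECRET, "287082", 59, last_used=1))
    print("new enrolment secret:", generate_secret())
```

The caller must persist the returned step as `last_used` for that account; without it the window that tolerates clock drift also tolerates a replayed code. Rate-limiting attempts matters too, since a six-digit code has only a million possibilities.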
Ultimately, prevention needs to happen at all levels of an organisation and taking these steps will help to reduce the risk of a data breach.
Monitor your supply chain security
Today's supply chains can be long, complex and opaque, so adequately securing these ever-growing structures is inherently challenging. Managing your supply chain security is paramount to keeping your own systems secure. Asking the right questions of your suppliers and monitoring potential risks gives you better visibility of weaknesses before they turn into a breach.
In an ideal world, supplier due diligence would include requesting assurances about suppliers' practices, backed by evidence; asking suppliers to complete a security assurance questionnaire; and insisting on minimum compliance requirements such as Cyber Essentials Plus or ISO 27001 certification. You could also put a contract in place that sets out the minimum security measures a supplier must implement, with indemnities for a cyber incident or data breach, and carry out external audits of key or high-risk suppliers.
Find out how our supply chain security services can help you.
Regular penetration testing by a CREST-accredited pen test partner
When should you get a penetration test? Regular penetration testing is strongly advised, at least annually and after any significant change to your infrastructure or applications, in order to find and fix vulnerabilities before you fall victim to a cyber incident.
The most common forms of penetration testing are mobile application testing; web application testing, which identifies vulnerabilities in business applications; API testing, which checks whether APIs meet expectations of functionality, reliability, performance and security; and external and internal infrastructure testing, in which servers, firewalls and other systems are probed for weaknesses that would let an attacker move through the target network.
Penetration testing is generally carried out using a mix of automated tools and manual testing, so that the systems or applications are covered thoroughly. When choosing a penetration testing company, check its credentials: look for providers that are CREST accredited for penetration testing and vulnerability scanning, so that both the service and the individual testers carry a recognised stamp of approval.
Find out how our CREST Penetration Testing services can help you.
Training your employees in cyber security awareness
While you cannot rely on employees alone to spot BEC or phishing attempts, you should nevertheless incorporate social engineering training into your learning and development programmes. Arming employees with the knowledge they need to recognise these attacks is crucial, and the training should be repeated regularly rather than given once at induction.
To reinforce this knowledge, you should also consider performing employee phishing tests. These tests simulate a phishing attack on your employees, helping you to measure the effectiveness of your training programme while improving your workforce's ability to detect the real thing. Read our guide on employee phishing tests.
Find out how our Cyber Security Training Services can help you.
Cyber incident response exercises
An incident response supplier is an external organisation that provides or manages an organisation's incident response capability. From start-ups to multi-national organisations, all companies need an incident response plan and resources proportionate to the cyber security risks they face.
The purpose of cyber security incident response is to ensure an organisation contains, eradicates and recovers from a security incident quickly, with as little impact on operations, finances and reputation as possible. It also helps organisations improve their cyber resilience.
By engaging a good incident response supplier (read our top tips on how to choose one), you will build a robust security framework, train your employees on what to do after a cyber incident, run cyber incident response tabletop exercises tailored to your organisation and create a cyber incident response plan.
Find out how our Cyber Incident Response Services can help you.
Need help in building your security posture?
If you are trying to clarify whether you are at risk of a data breach, or want to discuss what your business needs in order to prevent a breach, we can help. Contact us for a no-obligation chat.