As IT environments become increasingly complex and interconnected, and the number of reported cyber-attacks continues to rise, organisations must have some form of data breach prevention strategy in place. According to a recent report by the Ponemon Institute, the average cost of a data breach is estimated to be $4 million, with each compromised record costing around $158.
How Does a Data Breach Happen?
A recent report published by Veracode has revealed that there are three main causes of data breaches: benevolent insiders, targeted attacks and malicious insiders. Breaches are often caused by a combination of these factors. For example, a targeted attack is often assisted by an insider, either on purpose or by accident.
How can you help prevent a data breach?
Below is a checklist which can help you prevent a data breach from occurring:
- Automate backups – maybe use a remote data backup service
- Adopt the principle of “least privilege” when it comes to access rights
- Avoid collecting information that you don’t really need
- Scan for security vulnerabilities in all software your organisation uses
- Limit the places you store data
- Delete data that is old or irrelevant
- Invest in Cyber Liability Insurance
- Train your employees
- Replace outdated software and technology
- Apply software patches regularly
- Hire an IT security consultant
- Write a Data Breach Response Plan
- Have a plan to reduce BYOD (Bring Your Own Device)
- Use laptop and mobile device settings to ensure that data is encrypted when users are logged out
- Ensure that you have understood the industry regulations surrounding data protection
- Ensure that important changes to your system are well documented
- Use firewalls, IDS/IPS, network segmentation, HIDS etc., to help monitor endpoints and perimeters
- Use content filtering to block drive-by downloads
- Monitor the behaviour of your staff
Many of the points on the checklist require you to have some way of managing user access rights and auditing the events that take place on your system. Active Directory (AD) – a directory service developed for MS Windows domain networks – is seen as the industry standard tool for managing user privileges. While AD provides native logs to help audit system changes, they are very limited and difficult to read. In order to reduce the chances of a data breach, and ensure that you are compliant with the many data protection laws and regulations, you will need to install a more sophisticated suite of auditing solutions such as LepideAuditor.
LepideAuditor can help both mitigate and survive a data breach in many ways. Our solution allows you to:
- Monitor changes made to privileged security groups, thus helping to enforce the principle of “least privilege”.
- Detect suspicious file and folder activity and provide automated real-time reports and alerts.
- Detect user account modification/deletion
- Track privileged mailbox access
- Detect and manage inactive user accounts
- Help ensure that passwords are rotated regularly
- Roll back changes made to AD in a single click
LepideAuditor is also capable of “threshold alerting”, which can help you respond to certain events that may indicate a breach. You can configure the solution to respond to events that match pre-defined criteria. For example, if X number of Y events occur over Z period of time, a response can be initiated, which could be either an alert or the execution of a custom script.
In the event of a data breach, LepideAuditor will allow you to quickly determine who had access to what data, where the data was located and when the breach occurred.
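The "X number of Y events over Z period of time" rule described above, as an added Python example (not LepideAuditor's own code or configuration): a sliding-window counter over audit events that fires a response when the threshold is met. Grouping by actor, re-arming the window after an alert, the function names and the sample events are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit events: (timestamp, event_id, actor).
# 4728 is the Windows Security event for "a member was added to a
# security-enabled global group"; 4624 is a successful logon.
SAMPLE_EVENTS = [
    ("2024-05-01T09:00:00", 4728, "svc-deploy"),
    ("2024-05-01T09:00:40", 4728, "jdoe"),
    ("2024-05-01T09:01:10", 4728, "jdoe"),
    ("2024-05-01T09:01:50", 4624, "jdoe"),        # different event type, ignored
    ("2024-05-01T09:02:30", 4728, "jdoe"),        # third in under 5 minutes: alert
    ("2024-05-01T09:03:00", 4728, "jdoe"),        # window re-armed, no duplicate alert
    ("2024-05-01T09:30:00", 4728, "svc-deploy"),  # 30 minutes after the first: no alert
]

def threshold_alerts(events, event_id, count, window):
    """Return (time, actor, n) each time one actor produces `count`
    events of type `event_id` within the time span `window`."""
    recent = defaultdict(deque)  # actor -> timestamps still inside the window
    alerts = []
    for ts, eid, actor in sorted(events):  # ISO timestamps sort chronologically
        if eid != event_id:
            continue
        now = datetime.fromisoformat(ts)
        q = recent[actor]
        q.append(now)
        while now - q[0] > window:  # drop events that aged out of the window
            q.popleft()
        if len(q) >= count:
            alerts.append((ts, actor, len(q)))
            q.clear()  # re-arm so one burst does not alert on every later event
    return alerts

def respond(alert):
    """Hypothetical response hook: build the alert text (could run a script instead)."""
    ts, actor, n = alert
    return f"ALERT {ts}: {actor} generated {n} matching events inside the window"

if __name__ == "__main__":
    for a in threshold_alerts(SAMPLE_EVENTS, 4728, 3, timedelta(minutes=5)):
        print(respond(a))
```

Clearing the window after an alert trades completeness for noise reduction; a rule that must count every event in a long burst would keep the queue and suppress repeat alerts by time instead.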