By Dhritimaan Shukla, Partner, Forensic Services, PwC India and Kush Wadhwa, Director, Forensic Services, PwC India
Today, organisations are adopting emerging and disruptive technologies and incorporating data analytics into their decision-making and business strategies to retain their competitive edge. However, even with this data-driven approach, breaches of sensitive data and critical intellectual property remain a constant threat. Despite organisations’ efforts to deploy the latest security measures and data leak-prevention tools, the number of sensitive data leaks keeps rising, for various reasons: unknown vulnerabilities, weak access controls or poor configuration of security systems. In addition, there are zero-day attacks in which malware is configured to ‘exfiltrate’ a company’s sensitive data.
In this paper, we aim to understand the constant threat posed by data breaches, and how such incidents can be handled to mitigate their impact and the financial loss caused.
As the amount of data stored by organisations increases and they make greater use of cloud solutions, mobile and web-enabled business services, there are more avenues from which data can be stolen. There is sufficient information in the public domain on the internet to educate those planning a breach, and threat actor groups have achieved a high level of complexity in their attacks. The key is to accept that a breach is inevitable. We recommend that you set up mitigation and response mechanisms to proactively detect breaches, identify their scale and modus operandi, limit their propagation, minimise their impact and your exposure to risk, plug all vulnerable areas and ensure business continuity.
A robust security infrastructure can significantly reduce breaches, but cannot eliminate them entirely. The data breach threat landscape can be divided into three categories:
1. Unintentional data exposure due to mismanaged configurations, lax security practices and employees’ mistakes such as:
2. External threats penetrating the organisation’s network or infecting it with malware:
3. Insider threat from employees who attempt to transfer critical data when they exit an organisation:
An organisation’s breach response strategy should be proactive and assessed regularly via drills, learning from past incidents and analysis of relevant information by gathering threat intelligence. An effective strategy should include the following key aspects:
Data breaches have evolved from isolated and occasional threats into premeditated incidents perpetrated by tech-savvy employees, or sophisticated and persistent attacks carried out by criminal syndicates with skilled ‘threat actors’. Such people are constantly learning, improving their attack arsenal and custom-tailoring their code based on their reconnaissance. Such threats cannot be detected without filters created from the analysis of past attacks. To detect and handle such breaches effectively, organisations need to put in place strategies for constant vigilance and proactive handling of threats.
The time taken to identify and contain breaches has significant financial implications, and most organisations lack the tools and experience to handle increasingly complex incidents on their own. Implementing a comprehensive breach-response strategy, with robust forensic and legal components, considerably reduces the time taken to identify and respond to such incidents, as well as their impact and associated costs.
Organisations’ readiness to combat and contain breaches will also demonstrate their sincerity to regulatory authorities, help in audits and assessments, give comfort to customers and stakeholders, and substantially enhance their reputation.