The Importance of Detection Once the Enemy Is Past the Gates

The recently announced data breaches involving Equifax, Deloitte and the U.S. Securities and Exchange Commission underscore that data breaches are a way of life. Organizations need to be ready.

Over the course of the last month, these three major organizations revealed that their data had been compromised after hackers had been present in their systems for weeks to months.

This past week, news broke that Deloitte, one of the world’s biggest professional services firms, was the victim of a cyberattack that has potentially compromised up to 5 million emails in addition to passwords, usernames, and confidential commercial information. The breach seems to have gone unnoticed at Deloitte for up to six months.

Last week, the U.S. Securities and Exchange Commission issued a statement that hackers had access to confidential information and were able to “obtain illicit trading profits” in 2016, which was not realized until August 2017.

The week before, the credit-monitoring service Equifax announced that the personal data of up to 143 million consumers had been accessible to hackers for upwards of three months.

Chances are good your organization has already been hacked. You just don’t know it yet.

When it comes to cybersecurity, no news is no longer good news. Just because nothing has come to your attention does not mean there aren’t threats lurking in your network, stealing your data and exposing your organization to liability and extortion.

If determined, hackers can penetrate nearly any barrier. In February, a hacker prompted as many as 150,000 printers to ink out a message saying they’d been hacked, from desktop printers in the U.S. to a restaurant-receipt machine in Chile. In 2014, a “smart” fridge was hacked and, along with almost 100,000 other consumer gadgets, sent 750,000 malicious emails to enterprises and individuals worldwide.2 Any access point to your network can be a vulnerability and, potential vectors are increasing every day.

Cybersecurity defence is not only about building walls to stop hackers from entering an organization’s network. Cybersecurity defence must also focus on detection of threat actors who have wormed their way into the network. A failure to implement any detection measures may expose an organization to an invader without even knowing about it, allowing the invader to lurk around your network for months at a time watching the activity and waiting for an optimal time to steal information.

To make matters worse, an organization may be exposed to liability for failing to have reasonable detection measures in place. The regulation of cybersecurity issues by the Federal Trade Commission (FTC) in the United States provides some useful guidance regarding potential exposure for organizations following an incident. In several cases, the FTC has charged organizations for failing to take reasonable measures to detect unauthorized access to their network. The lesson to be learned is that organizations are expected not only to implement measures to prevent intruders from gaining access to their networks (which experience shows is likely); they are also expected to implement measures to detect intruders once they get access to the network.

Organizations—big and small—need implement a cybersecurity plan that both seeks to prevent attacks and detect them when they occur. The recent attacks against large organizations teach us that no one is immune from attack. Investing the resources to plan appropriately are a necessary cost of business.