Breaches are getting larger, and traditional network security isn’t enough

Dell’s recent security breach heightens the risk and complexity for data risk management.

Large organizations, especially ones the size of Dell, are usually responsible for massive amounts of data. The larger the company, the more logs and events it has, generated by everything from cloud services and SaaS applications to traditional network and on-premises data sources.

All of that data gives cybercriminals more places to hide. For example, adversaries can enter a network through a less sensitive, and thus less monitored, vector such as an unprotected cloud server, an IoT device or a shared employee laptop.

Due to this type of elusive behavior, it can make it difficult for security analysts to pinpoint the abnormal behavior while sorting through the huge amounts of data. They can then move laterally from that single device to access critical resources spread across the organization.

Massive data breaches can cause companies to face possible loss of intellectual property and major brand damage. They can also be extremely personal, revealing personal information like birthdays, family names, hometowns, financial information and more.

According to a recent Harris poll, 75 percent of consumers won’t do business with a company if they don’t trust it to protect their data. The cost of data breaches also keep rising. IBM cited in 2018 that the average cost of a breach was $3.86 million, which includes the price of investigations and recovery, notifications, legal activities and more.

Organizations must shift their enterprise security strategy, as network security simply isn’t enough. The key is to move fast and consider an approach that is closely aligned with monitoring user behavior, such as rapid increases in network traffic, unusual system login location or time and/or the abnormal export of sensitive information. This provides the necessary visibility needed to restore trust, and react in real time, to protect customer data.

Also, just as important, the strategy should include the ability to detect, using behavioral characteristics, when events have occurred — especially when it comes to client/member/customer-facing incidents. Creating a timeline can display the full context of any related events.

Machine learning technologies have made it quicker to find anomalous and suspicious user and device behavior, picking up slight changes that are easily looked over.

Analysts also would not have to comb through massive amounts of logs to create a timeline and are less likely to experience any false positives. Security professionals will then be able to detect breaches sooner and reduce the amount of time attackers are in a network environment.