Are You Prepared for a Data Breach?

Data breaches garnered a lot of media attention in 2014, and so far that momentum has carried forward into 2015. Given that protection against breaches—both in- and outbound—is our spécialité, we figured it’d be interesting to work with Osterman Research on a survey focused on breach preparedness. Our goal? To determine whether or not you’re prepared for a data breach.

We’re sure that you’ll find the results interesting. It includes:

68% of respondents said they are prepared to address breaches of sensitive or confidential information in their organizations. In the same survey, 75% of organizations reported that it would take hours—with more than a third taking days or weeks—to respond to a data breach.

That’s more indicative of a lack of breach preparedness than anything else. In just hours, let alone days or weeks, gigabytes of data can be exfiltrated. Worse yet, as data stores continue to grow, so does the presence of unchecked sensitive data. This leaves the attack surface large and subject to exfiltration caused by targeted attacks and malicious/oblivious insiders.

At best, 25% of organizations are using automated systems to discover and remediate sensitive content. However, because sensitive data is typically distributed across the enterprise, decision makers lack visibility into where this data is stored or who has access to it.

If you don’t understand your attack surface—that is, where the sensitive data is and who has access to it—it’s nearly impossible to be ‘breach ready.’ It’s true that malicious outsiders are launching targeted attacks in your direction in an attempt to penetrate perimeter defenses. And let’s just assume you have the requisite security stack in place that will enable detection and response. But, fact is, you’ve got plenty of exfiltrators exfiltrating to exfiltratees, if you will, that reside within your organization's respective firewall. Simply put, it’s just as important to protect against insiders as at is outsiders.

Want to know more? Interested in learning best practices around how to harden against data loss?