Almost everyone has been impacted by a data breach. The effects of a data breach can range from requiring employees to change their credentials to larger-scale cyberattacks that involve malware or ransomware.
Cyber incidents including data breaches, phishing and ransomware have become commonplace — a foregone conclusion for operating in a digital economy. While everyone knows that the internet never truly forgets, and data lives in perpetuity in far-flung corners of the web, the impacts on organizations, employees and incident responders can also take a mental toll.
Data breaches are security incidents in which threat actors access sensitive information, often leaking it onto the public internet. Data breaches increased 14% in the first quarter of 2022, according to the Identity Theft Resource Center (ITRC). Of the 404 breaches in the ITRC report, 110 resulted directly from phishing attacks.
How data breaches occur & impact organizations
The long-term ramifications of a data breach can ripple through an organization, impacting everyone from its user base to its employees and the cybersecurity teams responsible for remediation.
Phishing is a social engineering attack that employs psychology to influence and motivate readers into responding to a spoofed message — often an email — that they perceive as being from a trusted source. Employees may feel hesitant to report they have fallen victim to phishing out of embarrassment or fear of reprisal. A joint study from Stanford University Professor Jeff Hancock and security firm Tessian showed employees are hesitant to reveal their cyber mistakes if organizations judge them severely.
Cyber incidents have increased rapidly over the last few years, with ransomware and data breaches making their way into public consciousness following a slew of high-profile attacks. Combined with the rush to support remote work, many organizations have found themselves in a situation where interim solutions have become the de facto security stack — leaving them exposed to threat actors that exploit weak technologies independent of industry or organization size.
According to ThreatConnect, those on the frontline of cyberattacks and data breaches may find the speed and scale of these digital threats “insurmountable and infinitely expensive.” In today’s digital economy, security teams alone cannot adequately address cyber risk; instead, companies need to create a layered defense-in-depth approach to tackle cyber risk.
In a survey of 500 IT decision-makers, ThreatConnect found the frequency and severity of attacks are impacting the mental health of cybersecurity professionals; 32% of respondents reported feeling highly stressed about work and more than half said their stress levels had increased over the last six months alone. Gartner has argued that the role of cybersecurity leaders needs to be reframed: “Cybersecurity leaders are burnt out, overworked and in ‘always-on’ mode,” said Sam Olyaei, research director at Gartner.
It’s important to note that cybersecurity burnout threatens more than just security and IT teams. Human error is a significant factor in data breaches and, as the Stanford/Tessian study found, nearly half (47%) of employees cited distraction as the reason they fell for a phishing attempt, while another 44% blamed being tired or stressed.
Threat actors are opportunistic and data breaches happen, but they don’t have to be career- or company-ending. Organizations with a good security culture learn from data breaches by implementing policies and controls to reduce the risk of a future breach. Cybersecurity awareness training programs help give employees the tools to recognize, report and respond appropriately to phishing attempts. Technologies such as multi-factor authentication (MFA), endpoint detection and response (EDR), next-generation firewalls, and offline backups can make a huge difference in network defense.
In addition, data breaches can be the gift that keeps on giving for threat actors. Some technical vulnerabilities require a user to be authenticated before they can run the exploit. Data breaches significantly increase the chance of these attacks being successful. A great example of this is a recent Microsoft Exchange vulnerability announced in March 2022. The more credentials are published in data breaches online, as we saw with the LinkedIn data breach in 2021, the more likely these types of exploits will be successful in the future.
However, tools are only one part of the solution, and alert fatigue can result in valid cyber risks getting lost in the noise. Alert fatigue occurs when security professionals become overwhelmed by the volume and repetitive nature of the alert queue, losing the ability to distinguish alerts that represent actual issues (true positives) from everything else.
The aftermath and recovery from a data breach
The short-term consequences of a data breach include immediate remediation and any potential fines associated with information that threat actors may extract. In the short term, a cyber insurance provider can help businesses handle root cause analysis and cover the fees related to reporting a breach and, in some cases, the reputational damage associated with the breach. However, the long-term consequences of a data breach never really go away. The internet never forgets, and even with professional cleanup and remediation, data is never truly recovered or deleted.
To effectively implement a recovery-in-depth solution, organizations should treat more than just the symptoms of a data breach. Implement offline backups and test them regularly — today, data exfiltration is a common occurrence in ransomware attacks. Implement a layered defense-in-depth approach to security controls and procedures. Be mindful that the toll of these incidents is more than being made whole monetarily.