Breach detection

GDPR requires the reporting of a data breach within 72 hours. Many existing systems can take almost all of this time to detect and generate the required event information. While prevention is better than cure, early detection of a breach is a close second. There’s a huge range of different technologies and products available that find attacks before they do damage.

Today more and more attacks are specifically designed to breach traditional defences. It is because these exploits almost always result in the loss of personal information (and a quick sale on the Dark Web) that new approaches to attack detection are required.

For example, a high volume of breaches makes use of valid credentials, which means phishing attacks and social forensics are one of the biggest risks. The result is the bad actor using legitimate credentials to execute an attack that may take days, weeks or even months to unfold.

How do you stop an ‘attack’ using valid credentials to tap information the real user has a valid reason to access?
Because these are previously unknown attacks, it’s no use looking for a signature or pattern to detect them. This means IT and security teams must introduce an additional level of monitoring that complements existing defences, one that uses new types of attack detection such as Machine Learning to detect small behavioural changes that suggest an attack has occurred. Actions can range from requiring re-authentication or quarantining to totally blocking network access.

Machine Learning can establish a ‘risk score’ based on the characteristics of suspected unusual behaviour and how these characteristics differ from the norm. This helps organisations to prioritise their resources and investigate suspected attacks before they do damage.
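The two paragraphs above describe behavioural monitoring in outline only. The following added example (written for this edition, not code from the article or any product it mentions) shows the simplest form of such a risk score: a per-user baseline of a few session features is built from past access events, a new event is scored by how far each feature sits from that baseline, and the score is mapped to the response tiers the article names (allow, re-authenticate, quarantine, block). The events, feature set, thresholds and user names are all constructed for illustration; a real deployment would use many more features and would tune the thresholds against its own false-positive rate.

```python
"""Behavioural risk scoring for sessions that use valid credentials.

Added illustration (not from the article). A per-user baseline is derived
from historical access events; a new event is scored by its per-feature
deviation from that baseline and mapped to a response tier.
"""
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class AccessEvent:
    user: str
    hour: int        # hour of day the session started, 0-23
    records: int     # personal-data records read during the session
    new_host: bool   # True if the device has never been seen for this user


SIGMA_FLOOR = 0.5    # stops a constant baseline feature from dividing by zero
FEATURE_CAP = 3.0    # one wildly off feature cannot dominate the whole score


def _feature_values(events):
    """Numeric view of the three features for a list of events."""
    return {
        "hour": [float(e.hour) for e in events],
        "records": [float(e.records) for e in events],
        "new_host": [1.0 if e.new_host else 0.0 for e in events],
    }


def build_baseline(history):
    """Per-user (mean, population stdev) of each feature from past events."""
    by_user = {}
    for ev in history:
        by_user.setdefault(ev.user, []).append(ev)
    return {
        user: {f: (mean(vals), pstdev(vals))
               for f, vals in _feature_values(evs).items()}
        for user, evs in by_user.items()
    }


def _deviation(feature, value, mu, sigma):
    """Capped z-score; hour-of-day is treated as circular (23 is next to 0)."""
    d = abs(value - mu)
    if feature == "hour":
        d = min(d, 24.0 - d)
    return min(d / max(sigma, SIGMA_FLOOR), FEATURE_CAP)


def risk_score(event, baseline):
    """Sum of capped per-feature deviations; None if the user has no baseline."""
    stats = baseline.get(event.user)
    if stats is None:
        return None
    values = _feature_values([event])
    return sum(_deviation(f, values[f][0], *stats[f]) for f in stats)


def recommended_action(score):
    """Map a score to the response tiers named in the article (thresholds are illustrative)."""
    if score is None:          # no baseline yet: cannot judge, so step up authentication
        return "re-authenticate"
    if score < 1.0:
        return "allow"
    if score < 3.0:
        return "re-authenticate"
    if score < 6.0:
        return "quarantine"
    return "block"


# Constructed sample history: one user with a steady office-hours pattern.
SAMPLE_HISTORY = [
    AccessEvent("alice", 9, 120, False),
    AccessEvent("alice", 10, 150, False),
    AccessEvent("alice", 9, 130, False),
    AccessEvent("alice", 11, 140, False),
    AccessEvent("alice", 10, 160, False),
]

# Constructed new events to score against that baseline.
SAMPLE_EVENTS = {
    "normal": AccessEvent("alice", 10, 135, False),
    "new_device": AccessEvent("alice", 10, 140, True),
    "off_pattern": AccessEvent("alice", 12, 170, False),
    "bulk_export": AccessEvent("alice", 3, 5000, True),
    "unknown_user": AccessEvent("mallory", 10, 100, False),
}


def score_samples():
    """Return {label: (score, action)} for the constructed events."""
    baseline = build_baseline(SAMPLE_HISTORY)
    out = {}
    for label, ev in SAMPLE_EVENTS.items():
        s = risk_score(ev, baseline)
        out[label] = (s, recommended_action(s))
    return out


if __name__ == "__main__":
    for label, (s, action) in score_samples().items():
        shown = "n/a" if s is None else f"{s:.2f}"
        print(f"{label:13s} score={shown:>5s} -> {action}")
```

The per-feature cap is deliberate: without it a single extreme value (5,000 records against a baseline of 140) would swamp the score and a second, subtler signal such as an unfamiliar device would never change the outcome. The circular treatment of hour-of-day avoids scoring a 23:00 login as far from a 00:30 baseline. A user with no history gets no score at all and is stepped up to re-authentication rather than silently allowed.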
The notifications must include details of the breach, including:

• The type of data, type of exposure and the number of individuals involved
• The probable consequences of the breach
• Any mitigation actions taken

So, in the unfortunate event that a breach occurs, the DPO and his team need to rapidly gather the facts: what happened, the scope of the damage, and a plan of containment and remediation.

This all has to be communicated to the regulators and authorities in a clear, concise manner. It is vital they have the tools and solutions to deliver this information efficiently. Any delays in gathering this information could cost the organisation dearly, both reputationally and financially.
Response to breach

The GDPR’s breach notification requirements are very clear when it comes to what an organisation must do when a personal data breach occurs. These include notifying the regulator within 72 hours of being ‘aware of the breach’ and notifying impacted individuals ‘without undue delay’.

In conclusion, GDPR ‘compliance’ is not fully defined by the law and will be determined in part by rapidly advancing security technology capabilities and evolving best practices. Only technologies that are open and interoperable will make it through to the next generation of cybersecurity defences.