Cyber Liability – How will I know I have had a data breach?

Stew Nelson Senior Risk Advisor

Stew Nelson
Senior Risk Advisor

How will I know I have had a data breach?

In my last post we talked about developing an Incident Response Plan.  Hopefully you have started down that path by putting “develop Incident Response Plan, IRP, on your “to do” list.  Well, now I have another “to do” item for you to consider.  After you develop your IRP it may occur to you that “how am I going to know when I have had a data breach?”  This question on the surface may sound like a dumb one but you have to remember that cyber thieves are pretty smart foes and it is not likely that they will leave “broken windows” or “jammed doors” behind as evidence that you have been breached.  In fact, a 2013 report by Trustwave  that examined 450 data breaches and thousands of penetration testing audits found that it took on average 210 days from the actual breach to detection.  This number is up from 90 days in 2011.  It is pretty amazing to think that 5% of the breaches took three or more years to detect the intrusion!

Mobile devices make the job of detection even harder.

IT professionals struggle to balance ease of access to data with keeping data secure.   We all insist on having data at our fingertips with lap tops, tablets and smart phones and even multi-gigabyte memory sticks.  However, unless you are in IT we don’t pay much attention to the risks associated with Bringing Your Own Devices, BYOD, to work.  BYOD changes the whole data security landscape.  Instead of just protecting your data base with a secure firewall you now have to worry about data just “walking out the door!”

Intrusion Detection System Software comes to the rescue.

Intrusion Detection System, IDS, software is like a traffic cop at every on and off-ramp and every intersection in a city keeping a watch on every car passing through a checkpoint for illegal activity.  I know this analogy would probably be outlawed by the ACLU but that is how IDS protects your network.  The system is set to monitor key “choke” points of your network for unusual patterns of network traffic.  To properly set up a system can be very expensive depending on how many computers are in your network and how many other access points a crook could find to get to your data.  I don’t want to get into a technical discussion but I must add that setting up a reliable detection system is beyond the capabilities of the IT staff in most small to mid-size businesses.   So what are we supposed to do?


You can find your answer in the “Cloud.”

For most small to mid-size businesses it doesn’t make much sense to try to develop your own security systems when they are readily available from most large data and application hosting companies i.e. cloud providers.  I recently contacted one of our local storage companies and they quoted me $200 a month for a dedicated server complete with firewalls and IDS software.  If I was worried about data security I think that I would definitely be exploring a hosted service for anything I wanted to keep secure.