Jacksonville Business Journal: Your business has been breached – now what?

Your morning was going quite well until your technical team alerts you to some unusual activity on your network. Your company, it seems, has just had a cyber breach. Then the questions begin.

1. “We’re not a large business. How could this have happened to us?”
2. “How long have they been on our network?”
3. “How did we miss the warning signs?”
4. “Has our data indeed been compromised or exploited?”

Doug Goodall, managing director of Emtec Inc., a Jacksonville-based information technology consulting firm, offers these insights into the questions.

1. Smaller firms increasingly account for a major portion of data breaches. They’re seen as attractive targets by cyber criminals because their networks are viewed as being less defended than their larger counterparts.
2. On average, it takes companies 280 days to detect a cyber intruder.
3. The warning signs were probably there. Small signs that could have signaled you were being compromised – an unusual amount of password resets and login issues, employees complaining of really slow systems, an employee clicking on a phishing email link, backups not working or email accounts with unusually high or abnormal inbox activity.
4. Even if a business has been breached, the good news is that it may not have been exploited quite yet. There is a window of opportunity between when you have been compromised (breached) and if the breach has been (exploited) or actioned upon.

This scenario has become all too common for small- to medium-sized businesses these days, and reports show it’s more likely than not that they will be hit with a cyberattack at some point. Avoiding being among the 60% of businesses that shut down within six months of a successful attack depends on how well they were prepared and what investments were made to protect their network and assets, Goodall said.

“If you have the processes and tools in place to know you have been breached, that’s a good thing,” Goodall said. “However, the breach-to-exploit time is shrinking. Artificial intelligence, machine learning, and quantum computing shorten that window by automating the gathering of valuable information to hold hostage or steal.”

“If businesses are not using digital methods to monitor and remediate breaches, they are at risk for playing catchup,” he said. “Because of the pace and scope of digitally engineered threats, it’s almost impossible to recover if you don’t have measures in place to monitor and take care of breaches quickly before they are acted upon.”

Steps to take once a breach is detected

If a business finds itself in a position where they have been breached, there may still be time to remediate the breach before it is exploited. Emtec’s cyber security experts recommend the following activities:

• Investigate. Evaluate how deep the breach is. Determine what systems and data are vulnerable. Rank the vulnerability for urgency.
• Isolate. Once identified, immediately take the affected systems off the network.
• Communicate. Let the appropriate internal teams know what has occurred. Also, reach out to clients, vendors, partners and regulatory bodies, if necessary.
• Mitigate. Remove files, close gaps and remediate vulnerabilities. Once resolved, evaluate your current cyber security measures for potential gaps and evaluate additional investments and procedures to improve your cyber security strategy.

“Savvy businesses will have worked with their internal IT teams and/or cyber security services partner ahead of time to develop an incident response plan,” said Colwyn Warner, vice president of strategic client solutions at Emtec. “When a breach happens, how to proceed shouldn’t be a mystery. You want to make sure the bulk of the remediation can be done quickly and in a manner that is as minimally impactful to the business as possible.”

Consequences of an exploit

“If a business doesn’t invest in the tools or skills necessary to protect against cyberattacks, the awareness time from breach to exploit may be ZERO,” said Keason Drawdy, a senior cybersecurity solutions consultant at Emtec. “The right investments provide a window of opportunity to mitigate the breach before it does damage.”

“Remember, your company is competing against a heavily funded hacking ecosystem, which is for hire by anyone,” Drawdy said. “You are not the target. Your data is. And small- and medium-sized businesses have valuable data just like larger businesses do.”

Businesses that don’t create a window of opportunity to catch the breach before it becomes an exploit can face these consequences:

• Financial impact. The Poneman Institute’s 2020 report with IBM reports that the average total cost of a data breach is $3.86 million.
• Market value. Reports show share prices falling 7.27% on average after a data breach leads to sensitive information being leaked.
• Lost trust. A successful attack can damage a business’s reputation, dampen investor appeal and ruin client trust. Who wants to do business with a vendor with a poor track record of security?
• Revenue loss. Customer turnover, lost business and system downtime all can lead to a loss in revenue.
• Loss of intellectual property. Client lists and PII data, strategic plans, trade secrets and product blueprints, architectural drawings and engineering plans are all examples of IP that can be stolen.

“Your small or mid-size business won’t make the national news, but it will be big news locally with the intrigue that exists around cybercrime,” Goodall said. “The reputational damage alone is enough to be completely devastating to a business.”

Minimizing the possibility of a security breach

There are several ways to reduce the likelihood of a breach, increase the speed of detection, and minimize a breach’s impact according to Emtec.

• Invest in employee training. Human error accounts for 95% of cybersecurity breaches. Investing in robust and regular cyber security training for your employees is key to reducing your risk.
• Make cybersecurity a pervasive element of day-to-day business – from sales to operations to IT. Security should be top-of-mind for everyone. For example, ask yourself questions such as, “What does winning this large profile and very public deal mean to my risk posture? How has moving our workforce to remote work for the long-term affect our risk?”
• Build an incident response plan. Your plan should detail how the business will react to specific events, with key responsibilities, activities and communications. More than 75% of organizations do not have a cybersecurity response plan in place. This is a critical tool in taking advantage of the “window of opportunity” between breach and exploit.
• Investigate legal ramifications, compliance requirements and insurance. Ensure your organization has a clear understanding of compliance requirements, the legal ramifications of not meeting those requirements as well as potential insurance coverage in event of a breach.
• Assess the threat surface. Are you confident you know every device on the network? With connected devices constantly changing, a business may not be aware of third-party applications and other systems that may be connected to its network. As such, your network and the devices connected to it should be assessed regularly.
• Regular vulnerability audits. With new vulnerabilities surfacing every day, regular audits of the company network and employees home cyber environments (if you have remote workers) are essential to identify gaps.
• Invest in Active Threat Detection. These tools utilize machine learning and artificial intelligence for advanced detection to help your IT team proactively monitor countless logs and employee behaviors on the network and notify you of any anomalies.

“Cyber defense is not just an IT issue, it’s a business issue that should be a priority at the ownership and board level,” Warner said. “Because having a well-thought-out cybersecurity strategy that protects your valuable intellectual property and customer data is a competitive advantage. Conversely, if absent will pose considerable business risk.”

Learn more about how risk score cards can help organizations evaluate their current cybersecurity measures.

Emtec, headquartered in Jacksonville FL, provides a full suite of cybersecurity services to keep predators out of your network and thwart both internal and external threats that infiltrate.

Laura Newpoff is a freelance writer with The Business Journals Content Studio. This article first appeared in Jacksonville Business Journal on October 20, 2020.

Bridgenext combines outstanding talent and deep expertise across an expansive set of exceptional solutions to help clients realize their digital aspirations in ways that propel their businesses forward. Its global consulting and delivery teams across the U.S., Canada and India facilitate highly strategic digital initiatives through digital product engineering, automation, data engineering, and infrastructure modernization services, while elevating brands through digital experience, creative content, and customer data analytics services. Connect with us at https://www.bridgenext.com.