Cyberattack Stigma: How Delayed Reporting Causes More Damage

You can’t sweep a data breach under the carpet

Delayed reporting is now common across organizations attempting to shed the cyberattack stigma. In the long term this catches up with all of them and leads to significant long term damage to the organization. According to a recent report a third of organizations admit to covering up data breaches.

By some estimates, 44 cyberattacks are attempted every second of every day.

That’s nearly 4 million attack attempts per day, and although the vast majority of these do not succeed, the sheer volume guarantees that some attacks will.

This constant barrage of cybercriminal activity puts cybersecurity leaders in a tight spot. Their job is no longer simply preventing cyberattacks, they must also detect and respond to successful attacks in ways that minimize overall damage to the organization itself.

Ultimately, information leaders have to be prepared to report a successful attack and quickly execute damage control measures. Organizations with robust incident response plans and good communication can limit damage and prevent a catastrophic hit to their reputation.

Three Reasons You Can’t Hide a Data Breach

The stigma of being a cyberattack victim often leads company leaders to try hiding the fact that an attack took place at all. It’s an understandable reaction, but a no win strategy. There are a few reasons why it doesn’t work:

Every Minute Counts in an Active Cyberattack Scenario

Most security leaders are well aware of the fact that hiding security incidents simply doesn’t work. However, many still refrain from announcing data breaches until the last possible minute. If regulations stipulate a 72-hour window from discovery to announcement, they’ll announce after 71 hours and 59 minutes have passed.

Some delay is understandable. Analysts must conduct a thorough investigation into the breach in order to have clear, accurate information to report. Customers, partners, and stakeholders will flood the security department with questions, and it is important for security leaders to have answers ready.

But it’s not always possible to get all the answers in such a short time frame. This is especially true when the data breach catches the security team by surprise. Many organizations don’t have the resources to conduct a comprehensive investigation on their own – which is where law enforcement enters the picture.

The sooner organizations announce a data breach, the faster law enforcement can respond and help guide the situation towards resolution. Most business leaders would immediately call the police if their headquarters was ransacked, yet when their digital assets are stolen by cybercriminals, they hesitate.

In the case of ransomware attacks, organizations are often tempted to pay the ransom and quietly continue with their business. This approach plays directly into the hands of cybercriminals and rewards them for committing crimes. The more organizations do this, the deeper cybercrime entrenches itself in society at large.

Cooperating with Law Enforcement is Critical

Greater cooperation between private industry and law enforcement is one of the cornerstones of the White House’s 2023 cybersecurity strategy. The government has stipulated that individuals, small businesses, and local governments should share cybersecurity burdens with national institutions equipped to handle those emergencies capably.

This approach was already well under way when US law enforcement officials seized $2.3 million in cryptocurrency ransom money from members of the REvil gang in December 2021. This is well beyond the capabilities of the average corporate security team. More recently, this approach has saved $130 million for victims of the notorious Hive ransomware group.

But Federal security teams rely on victims to contribute data and insight, providing them with the information they need to conduct these operations. The sooner law enforcement steps into the picture, the more competently they can address security issues and resolve outstanding incidents.

In the case of ransomware, it’s vital that security leaders consult with law enforcement before choosing to pay. Company leaders who take the initiative here may run afoul of the Department of Treasury’s Office of Foreign Assets Control (OFAC) rules. One of the most important factors they consider is whether victims paid ransoms with the full cooperation of law enforcement, or simply tried to hide the fact that they were victimized at all.

Deploy Solutions that Bridge the Incident Response Gap

Prevention is key to good cybersecurity policy. However, security leaders should be aware of the fact that there is a strong chance that hackers will break through their defenses. Deep, multi-layered cybersecurity defenses make it more likely cybercriminals leave tracks for law enforcement agencies to follow.

With data being the ultimate prize for cybercriminals, solutions that have been designed to prevent the exfiltration of data have become a critical part of any layered approach to cybersecurity. Anti data exfiltration or ADX ensures that if cybercriminals manage to bypass traditional defenses, they won’t be able to remove any data.

BlackFog provides anti data exfiltration (ADX) technology to organizations seeking robust protection from cybercrime. ADX makes it possible to prevent attackers from removing data from your network to stop ransomware and prevent data breaches.

*** This is a Security Bloggers Network syndicated blog from BlackFog authored by Darren Williams. Read the original post at: