How businesses can reduce digital risk and minimise regulatory fines for data breaches.
Once again the headlines are proving that, like death and taxes, a data breach is inevitable. As businesses strive to stay relevant with all manner of digital transformation strategies, many of the new technologies they introduce are increasing a new kind of business risk – digital risk. Distributed supply chains and cloud services leave businesses vulnerable to attacks that security teams haven’t previously had to deal with. Simply increasing company network security to defend the data inside is no longer an option.
The penalties incurred in the form of regulatory fines in the recently highlighted BA and Marriott cases are staggering, even without taking into account the resulting potential loss of revenue, shareholder value and customer goodwill. Not to mention the operational costs of responding to the breach and potential litigation that can ensue.
When looking at these fines, it’s important for businesses to consider the factors that make them so large.
Timing is everything
According to the ICO, company size, the number of people (data subjects) affected, the severity of the attack, and the time to detection are all taken into account. Timing is especially important and this is, in part, due to the possibility of data being monetised or weaponised without the knowledge of the business or the end customer. And, whilst markets come and go on the Dark Web, two things endure: a constant supply of fresh data, coupled with a continual demand for it. Forter’s annually compiled Fraud Attack Index highlighted both a 45% increase in account takeover fraud and, more sinisterly, a 26% increase in fraud ring attacks.
It’s clear that the longer businesses take to detect a data breach, the higher the risk of this data being used by bad actors. We don’t yet know, in the case of BA, if their customer data has been shared or marketed openly on the Dark Web. Yet.
In the light of this, businesses should question whether reliance on manual processes and investigation activities could leave them open to the same scale of regulatory punishment. Many are already turning to a new breed of connected, always-on and automated Dark Web monitoring solutions – including Skurio’s groundbreaking BreachAlert solution.
A step in the dark
When asked in a Wall Street Journal interview this week if the ICO technical experts are looking for breached data on the Dark Web, its head, Elizabeth Denham, said, “We have a whole tech policy team; we have a lab that's disconnected from our own servers that's looking at all these issues.” It stands to reason that companies facing action by the ICO in cases where breached data has been shared or put up for sale could find themselves facing even larger fines – especially if this could have been detected sooner.
Skurio’s BreachAlert solution provides a safe, automated and cost-effective way of monitoring for business data appearing where it shouldn’t. And, because it works around the clock, it could crucially give businesses a head start of hours, days or even weeks to close the loophole, notify regulators, and mitigate the risk - which they might not have had if the breach had gone undetected.
And if the ICO is searching the Dark Web looking for breached data, wouldn’t you rather find it before they do - if yours is out there?