When someone other than your security team tells you, you’ve been breached….

• by Ellie Hurst
• Advent IM Blog

There has been a marked increase in the number of organisations being notified of a breach, by external parties, according to Mandiant. The response indicated that the share of breaches notified by external parties has gone from 47% in 2021 to 63%.  External parties may be competitors, researchers, bad actors, or even customers. The last one is genuine nightmare territory for brand reputation management.

When a data breach is discovered externally, it generally means that the company or organisation that suffered the breach was not aware of it. This can be a significant problem for several reasons:

Delayed Response: If a data breach is discovered externally, it means that the company or organisation did not detect it themselves, which can delay their response. This can give cybercriminals more time to continue stealing/deleting or otherwise damaging data, which can result in even greater impact. Criminals often spend a long time in a network, learning everything they can about how an organisation works, getting access to more network areas and taking control of it in order to cover their tracks and even download more software as they refine their activity. All of this makes a much bigger impact to manage.

Reputation Damage: If a company or organisation suffers a data breach and is not aware of it, it can damage its reputation. When a data breach becomes public knowledge, customers and stakeholders may lose trust in the company’s ability to protect their personal information, which can lead to loss of users, business, and revenue. Social media plays a big part in both exposing breaches and highlighting the impact on people and is very frequently used to disseminate breach information. If organisational social media is outsourced, this can add a layer of complication, so not only does the social media policy need to be up to date but clear communication messages need to be provided to social media managers in an accurate, timely and succinct manner that complies with company guidelines.

Legal Consequences: Depending on the type of data that was compromised in the breach, companies may be legally required to notify affected individuals and regulators. If the breach was not discovered internally, the company may face additional legal consequences for failing to properly protect sensitive data. This could take the form of legal action against an organisation or a fine, for instance from the Information Commissioner’s Office (ICO) if personal data is involved. If it was special category data, things get even more serious.

Additional Costs: If a data breach is discovered externally, it can result in additional costs for the company or organisation. They may need to hire external experts to investigate the breach and determine the scope of the damage. They may also need to invest in additional security measures to prevent future breaches. Key to all of this is understanding how the breach occurred and as we know many breaches are avoidable or are the result of a known vulnerability, next steps are so important to get right. Engaging with the right partner will make this a business-enhancing experience.

In summary, a data breach  discovered externally is more difficult because it can lead to a delayed response, reputation damage, legal consequences, and additional costs. It is therefore important for companies and organisations to have strong internal security measures in place to detect and respond to data breaches as quickly as possible.

We can help you either prepare your organisation or support it in recovery and deciding the next steps. Talk to us and find out how our friendly consultants and trainers can put their many years of experience to work for you.

0121 559 6699  |  sarah.richardson@advent-im.co.uk