Closing the stable door after the horse has bolted
Protecting data assets once part of the environment has been compromised is one of the hardest tasks an IT security team faces. The growing number of data breaches shows how readily attackers find and exploit gaps in IT infrastructure.
The challenge is aggravated by today's enterprise set-up, in which data is spread across hybrid and distributed data centers. In such environments, keeping a detailed record of who is accessing what becomes increasingly difficult when access to systems is not governed by rules. In other words, proper identity administration and governance are of paramount importance in preventing breaches.
That is not the only concern in identity and access lifecycle management, however. Another major concern is that most breaches are not detected in a timely manner. Nearly 50% of breaches are detected only after several days or, in some cases, after several months. By the time IT forensic teams swing into action, the damage is already done. It is akin to closing the stable door after the horse has bolted.
The risks of a longer detection period
Timely detection of a data breach depends on how well an organization is equipped with threat detection mechanisms. A breach caused by a malicious insider, for example, takes a long time to detect and to attribute, because the culprits are, on the face of it, "trusted" insiders. In most cases the damage has already been done by the time the incident is detected. According to Forbes, 49% of respondents reported that it takes an average of one week to identify an insider attack, while 44% said it takes an average of more than a week to recover from one.
If a breach is not discovered in time, the organization may well fail to:
- Remediate the incident or recover the lost data
- Sanitize the data that has been compromised
- Report to the relevant regulatory body within the required window
- Prevent financial loss
- Prevent reputational damage
- Retain the trust of business stakeholders such as investors, customers and third-party suppliers
What does CERT-In say regarding this?
In this regard, the Indian Computer Emergency Response Team (CERT-In), the national agency designated under section 70B of the Information Technology Act, 2000 and operating under the Government of India's Ministry of Electronics and Information Technology, states clearly in its 2022 cyber security directions that covered organizations, irrespective of the industry they belong to, must report a cyber incident within 6 hours of noticing it or of being notified of it.
This expedites the official and technical post-detection processes and helps avoid non-compliance penalties. But the 6-hour clock starts only when the incident is noticed, so the mandate is only meaningful if organizations are able to notice breaches promptly in the first place. How can that be ensured?
ARCON provides the necessary tools to detect breaches in a timely manner
ARCON understands the day-to-day access scenarios that lead to data breaches and therefore keeps building risk-predictive components into its identity and access management solutions.
For instance, ARCON's Knight analytics tool helps IT administrators detect, predict and display anomalies in logged activity. This AI/ML-based tool assesses the history of the logged data and shows administrators a risk percentage for current activity, which they can use to "flag" suspicious behaviour.
At the same time, continuous monitoring of end-user sessions lets IT administrators spot suspicious user activity in real time. It provides basic auditing of a user's activity at the chosen moment and lets administrators take immediate action to prevent unauthorized access.
Moreover, audit logs captured in both video and text form support security assessments of all critical activities in the enterprise IT environment. Concurrently, session management lets IT administrators control all users centrally, governing both the services they reach and the access controls applied to them.
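The "learn from history, show a risk percentage, flag the outliers" workflow described above can be illustrated with a small baseline-and-score example. This is an added example, not ARCON's or Knight analytics' code: the log line format, the per-user profile (working-hour window, hosts used, actions performed), the weights and the sample log lines are all constructed assumptions for the purpose of illustration.

```python
# Added, illustrative example (not ARCON's code): score each new privileged-access
# event against a per-user baseline built from historical log lines, in the spirit of
# a "history -> risk percentage -> flag" workflow. The log format, the weights and
# the sample lines below are constructed assumptions for this example only.
from collections import defaultdict
from datetime import datetime

# Constructed history, one event per line: "<ISO timestamp> <user> <target host> <action>"
HISTORY = """\
2024-03-04T09:12:00 alice db-prod-1 login
2024-03-04T09:40:00 alice db-prod-1 query
2024-03-04T17:50:00 alice db-prod-1 logout
2024-03-05T10:05:00 alice db-prod-2 login
2024-03-05T10:30:00 alice db-prod-2 query
2024-03-05T16:45:00 alice db-prod-2 logout
2024-03-04T08:30:00 bob app-srv-1 login
2024-03-04T08:45:00 bob app-srv-1 restart
2024-03-04T17:00:00 bob app-srv-1 logout
2024-03-06T08:50:00 bob app-srv-1 login
2024-03-06T09:10:00 bob app-srv-1 restart
2024-03-06T16:30:00 bob app-srv-1 logout""".splitlines()

# Constructed events arriving after the baseline was built.
NEW_EVENTS = """\
2024-03-11T10:15:00 alice db-prod-1 query
2024-03-11T02:40:00 alice db-prod-1 export
2024-03-11T03:05:00 bob db-prod-2 query
2024-03-11T14:00:00 mallory app-srv-1 login
2024-03-11T11:00:00 bob app-srv-1 login""".splitlines()

HOUR_SLACK = 1  # hours of tolerance on either side of the observed working window
WEIGHTS = {     # assumed contribution of each anomaly to the risk percentage
    "unknown user": 100,
    "outside usual hours": 40,
    "host never used by this user": 35,
    "action never performed by this user": 25,
}


def parse(line):
    """Split one constructed log line into its fields."""
    ts, user, host, action = line.split()
    return {"ts": datetime.fromisoformat(ts), "user": user, "host": host, "action": action}


def build_baseline(lines):
    """Per-user profile from history: working-hour window, hosts touched, actions performed."""
    seen = defaultdict(lambda: {"hours": [], "hosts": set(), "actions": set()})
    for ev in map(parse, lines):
        p = seen[ev["user"]]
        p["hours"].append(ev["ts"].hour)
        p["hosts"].add(ev["host"])
        p["actions"].add(ev["action"])
    return {
        user: {
            "first_hour": min(p["hours"]) - HOUR_SLACK,
            "last_hour": max(p["hours"]) + HOUR_SLACK,
            "hosts": p["hosts"],
            "actions": p["actions"],
        }
        for user, p in seen.items()
    }


def score_event(ev, baseline):
    """Return (risk percentage 0-100, list of reasons) for one parsed event."""
    p = baseline.get(ev["user"])
    if p is None:
        # An identity with no history at all is the strongest signal here.
        return WEIGHTS["unknown user"], ["unknown user"]
    reasons = []
    if not p["first_hour"] <= ev["ts"].hour <= p["last_hour"]:
        reasons.append("outside usual hours")
    if ev["host"] not in p["hosts"]:
        reasons.append("host never used by this user")
    if ev["action"] not in p["actions"]:
        reasons.append("action never performed by this user")
    return min(100, sum(WEIGHTS[r] for r in reasons)), reasons


def flag_suspicious(lines, baseline, threshold=50):
    """Events at or above the threshold, in arrival order, for an administrator to review."""
    flagged = []
    for line in lines:
        risk, reasons = score_event(parse(line), baseline)
        if risk >= threshold:
            flagged.append((line, risk, reasons))
    return flagged


if __name__ == "__main__":
    for line, risk, reasons in flag_suspicious(NEW_EVENTS, build_baseline(HISTORY)):
        print(f"{risk:3d}%  {line}  <- {', '.join(reasons)}")
```

Run as a script, this flags three of the five new events: alice exporting from a production database at 02:40 (65%), bob querying a database host he has never touched at 03:05 (100%) and a login by an identity with no history at all (100%), while the two in-hours, in-profile events score 0%. A production tool would weight features by frequency and use far more of them, but the shape is the same, and the score is only worth something if someone acts on the flag quickly enough to stay inside the reporting window.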
In this way, ARCON helps organizations avoid the risk of delayed breach identification and the losses that follow. How promptly the risk management team acts on an alert, however, is up to them: a long delay between alert and action undermines the effectiveness of any risk-predictive tool.
The sooner a possible data breach is detected, the better the chances of preventing catastrophic damage. Organizations can properly secure their business, finances and reputation by putting the safeguards in place to detect breaches early.