According to the 2018 Global Risk Report, which the World Economic Forum released this year, cyberattacks are among the top 5 risks for global stability in terms of likelihood and impact. A data breach caused by a cyberattack can indeed have an incredible impact on any country, corporation or business owner.


Most people are aware of the threat of cybercrime by now. However, many still see themselves as safe because they are “too small to be hacked”, “have nothing that hackers would want”, or find some other reason for their negligence.

Hacking attacks are not a matter of “if” anymore — they’re a matter of “when”!

The problem with this form of mismanagement shows itself once a data breach occurs, since the most costly part of a breach is how it is managed. To help you avoid mistakes during the usual stages of a data breach, I will walk you through each stage one by one and give some recommendations on how to tackle each situation.

The Alert

I call this stage the alert stage not only because you could see any of the following signals as alerts but because you should also be alert from the very first moment you experience any problem with your IT infrastructure.

This is usually the first stage in any data breach that companies face. It starts with you or your users (inside and outside the company) noticing something odd. A part of your application might work slower, your users are shown weird pop-up ads, or your e-mails are sent to spam. These are the first warnings, which you should inspect carefully. Even worse indicators are that your data is not accessible anymore or that your website provider took down your site.

These are all signals that your application, company or data has been hacked. To better understand how to detect these and other indicators quickly, you can also look at my previous article: 7 Signs that your Website has been hacked.

If any of the signals mentioned above have surfaced in your company, you need to act fast and investigate the issue intensively, since mismanagement at an early stage can already lead to a loss of customer trust and further delay the remediation of the vulnerability.

Data Leakage

This is where data breaches show their main and direct impact. This is the actual hacking part where the attacker extracts data or stops you from operating your business.

Either this part is currently happening (e.g. you cannot access your data) or it has already happened (customer or business data or other sensitive information has been stolen). How fast your company is up and running again depends on your management. This is also when it becomes clear whether you can keep your public image or whether your reputation goes down the drain (see Aftermath). Either way, you will experience a decrease in visits to your application, since users cannot access it or are less willing to use it until you fix the issue. The resulting loss in revenue is the first and direct cost associated with the data breach.

Whether it only impacts your internal operations or whether customer data has been extracted, you should consider giving a public statement on the matter or sending out a notification to your customers to retain your integrity and public trust.

During this stage, you might ask yourself how long the data breach has been open and how long it will last, since you want to get back to business as early as possible. According to the WhiteHat Web Applications Security Statistics Report, it takes about 100 to 245 days to fix an existing data breach, but this mostly depends on how fast the problem is detected and on the vulnerability itself.

Remediation

To minimize the data breach’s impact, this stage should already go hand in hand with the prior stage.

So it is now clear to you that you’ve been hacked… What now?

First of all, you need to ask yourself these three questions:

  • Where is the impact?
  • How did it happen?
  • What needs to be done?

For the last question, we can give you some guidelines.

You should start by freezing everything and isolating your network, so that no more damage can be done and so that investigators can examine the company’s security status as it was at the moment closest to the data breach.

Once you’ve done that, you can start to figure out what kind of vulnerability led to the data breach and how it can be fixed. This will probably take up a lot of time and require some external advice to ensure the vulnerability is remediated correctly. For help on these matters, you can always have a look at our Knowledge Base.

Thorough work and open communication during the remediation can improve your standing with important stakeholders and lead to less tension in the next stage — the Aftermath.


Aftermath

So you found the vulnerability, fixed it, and your security seems fine now. However, this does not imply the end of it…

You will have to deal with several things affecting your business in the time to come. You will experience the indirect impacts of a data breach, which will keep you busy for quite some time. And you will have to deal with a lot of grief.

First, some customers, suppliers, business partners or the government might file a lawsuit or penalize you for not handling their data well enough. Especially for companies in the EU, the new GDPR leads to significant penalties for insufficient personal data supervision. This will not only lead to a lot of legal costs and hours spent but also to public knowledge of your data breach, which will also have an impact on the second issue…

You will need a lot of time to regain your customers’ trust. Depending on how well you managed the breach and how dependent your customers are on your service or product, you will need to rebuild your reputation and show that you have learned from your prior security deficit.

A possible revenue cut and any legal costs incurred can be considered the indirect costs your company will face. You will have to deal with this secondary impact of the data breach for quite some time to come.

Honesty and openness towards all stakeholders are critical in this stage. You won’t regain trust by playing down what happened and announcing actions you won’t take, which leads us to the last stage — “Pre”-Caution!

“Pre”-Caution

Preferably, this stage should be the first one for every company with web applications or sensitive data. Unfortunately, most of the time, the following measures are only taken once a company has already been successfully hacked. Following a data breach, most companies learn from their mistakes and start setting up a functioning web application security system.

Most importantly, you need to establish a security culture within your organisation and educate your employees on IT security no matter which division they work in. Cybercrime affects every inch of a company and not just the IT department. If employees are alert to security issues and have basic knowledge of them, they might detect bad signals at an earlier stage.

Nowadays, most development teams release new software updates regularly and work in an agile development environment. That is why each of these releases must be thoroughly reviewed for its impact on the organisation’s security status.

Obviously, this cannot be done once a month… To be safe at all times, companies should implement continuous security in their development environment. This means that every new release is verified before it creates a possible attack surface.


Of course, regular penetration tests would cost way too much time and money to be implemented in every development stage, which is why the answer lies in automated security.

The Crashtest Security Suite offers a fully automated security scanner that lets you check your project’s security status at any point in time. This reduces the time and therefore also the money spent on security. Through continuous security, you can minimize the risk of a data breach and decrease the probability that indirect IT security costs (legal costs, loss of revenue, etc.) affect your business. For more best practices regarding IT security, you can also check out our WhitePaper!

Go ahead and secure your business now!

Crashtest Security is a German-based IT security company specializing in fully automated penetration tests. The state-of-the-art security scanner detects vulnerabilities in real time and gives the developer feedback and advice on existing problems. An additional dashboard shows developers and managers the company’s current security status in a single view to make IT security as transparent as possible.