In May 2021, the American public got a wakeup call to the consequences of lax cybersecurity. DarkSide, a group of known cyberattackers, got into a virtual private network account formerly used at Colonial Pipeline, America’s biggest fuel pipeline company. Then, they demanded a $4.4 million ransom.
It wasn’t a new story, but it hit home, stirring fears of cyberattacks and gasoline shortages. From somber features on nightly newscasts to articles in print or online, the message was clear: Cybersecurity attacks are getting more dangerous. There were no signs that the intruders got into Colonial operations assets, but the danger to energy infrastructure was clear. There was no damage—this time. But the risk of damage isn’t going away.
Combine the threat of the Colonial data breach with a steady drumbeat of ransomware news and the foreign origin of the hackers. It’s a recipe for hair-raising but justifiable concern.
The Current State of Data Breach Reporting
The Colonial Pipeline breach prompted senators to debate a data breach reporting law in the U.S. Congress. As it turns out, the pipeline attack wasn’t the worst of the situation.
When it comes to reporting data breaches to the federal government, U.S. companies often drag their feet. In the Colonial Pipeline case, there was no danger to energy resources. However, there was a gap between the hackers’ likely intrusion and the company’s announcement of the breach.
Investigations into the Colonial hack indicated that intruder activity began around April 29th, but the company didn’t announce or report the incident until May 8th. Anything could have happened, and the government would not have known.
A proposed data breach notification bill would address this lag time by requiring essential businesses to report cyberattacks directly to the DHS Cybersecurity and Infrastructure Security Agency (CISA). The law would require some companies to report data breaches to law enforcement within 24 hours or face financial penalties and the loss of government contracts.
Still no meaningful guidance
Don’t bother looking for federal legislation or reporting standards that could guide companies when attacks occur. There aren’t any. Beyond the 24-hour reporting requirement, there are no federal standards that specify data breach notifications.
Even the proposed bill doesn’t describe the circumstances that would require mandatory reporting. In practice, one would expect it to cover breaches that involve ransomware attacks, foreign actors, and incidents that could endanger national security. But nothing is certain.
The new bill does provide help by specifying who the reporting requirements apply to: federal contractors, government agencies, and owners/operators of critical infrastructure companies. Targeted businesses would be in the energy production, manufacturing, and financial services sectors.
New Bills Might Enforce Stricter Requirements
Organizations that qualify as essential in the proposed law would have to change their monitoring and response practices, always a time-consuming and expensive process.
What’s the concern? As usual, the time, effort, and expense of complying with new regulations and possible fines. If passed, the bill would have serious effects on how businesses deal with reporting after a data breach occurs. In addition to the 24-hour reporting requirement, qualifying businesses must continue sharing information for an additional 72 hours after reporting the breach.
Achieving Better Breach Management
Recent executive orders reflect the president’s preference for cyberattack prevention over rapid response. The most effective way to manage a security breach is to avoid it altogether. It’s possible to reduce or avoid the risk of a breach by using cybersecurity solutions that detect breaches and protect valuable data.
Data breach detection tools monitor activity at the edge of and throughout the IT infrastructure, report anything unusual, and respond to unusual events in real time. Here’s a list of the latest data breach detection tools and what they can do to minimize the risk of an attack.
- Threat intelligence. TI tools monitor millions of threat indicators and use machine learning to detect patterns that reveal data breaches. Use these tools to help the IT team quickly identify attacks on your IT infrastructure.
- Real-time data monitoring. When a breach occurs, detection tools provide visibility of the key information that your team needs to fight cyberattacks. These tools can start remediation immediately by running automated, pre-defined processes.
- User behavior analytics. External users are not the only folks who create cyber mayhem. Sometimes, employees or contractors do damage from the inside. User behavior analytics collect and analyze data that establishes baselines of normal user behavior. Then, machine learning algorithms look for signs of abnormal and possibly risky activity.
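To make the "baseline, then look for deviation" idea behind user behavior analytics concrete, here is an added Python example. It is not code from the article or from any vendor product: it builds a per-user baseline from a few constructed audit records and flags days whose record volume or host count deviates from that baseline by more than a z-score threshold. The record format, the warm-up window, the threshold and the sample data are all assumptions made for the example; a real UBA product would use many more features and a trained model rather than a plain z-score.

```python
"""User behavior analytics sketch: per-user baselines from an access log,
then flag days whose activity deviates sharply from the baseline.

Added example, not code from the original article. The record format,
the thresholds and the sample records are constructed for illustration.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed audit records: (user, date, records_accessed, distinct_hosts).
# Assumed format; a real feed would come from a database audit log or SIEM.
SAMPLE_LOG = [
    ("alice", "2021-04-19", 120, 2), ("alice", "2021-04-20", 135, 2),
    ("alice", "2021-04-21", 110, 2), ("alice", "2021-04-22", 128, 2),
    ("alice", "2021-04-23", 3400, 9),   # bulk pull from many hosts
    ("bob", "2021-04-19", 40, 1), ("bob", "2021-04-20", 38, 1),
    ("bob", "2021-04-21", 45, 1), ("bob", "2021-04-22", 42, 1),
    ("bob", "2021-04-23", 41, 1),
]

METRICS = ("records", "hosts")


def build_baselines(log, warmup_days=4):
    """Mean and population std-dev of each metric per user, computed over the
    first `warmup_days` observations (sorted by date). Returns
    {user: {metric: (mean, std)}}."""
    per_user = defaultdict(list)
    for user, _date, records, hosts in sorted(log, key=lambda r: r[1]):
        if len(per_user[user]) < warmup_days:
            per_user[user].append({"records": records, "hosts": hosts})
    baselines = {}
    for user, rows in per_user.items():
        baselines[user] = {}
        for metric in METRICS:
            values = [row[metric] for row in rows]
            baselines[user][metric] = (mean(values), pstdev(values))
    return baselines


def detect_anomalies(log, baselines, threshold=3.0, std_floor=1.0):
    """Score every record against its user's baseline and return one alert
    per (user, date, metric) whose |z-score| meets the threshold.
    `std_floor` stops a perfectly regular baseline (std == 0) from turning
    any tiny change into an infinite z-score."""
    alerts = []
    for user, date, records, hosts in log:
        if user not in baselines:
            continue            # unknown user: no baseline yet, skip scoring
        observed = {"records": records, "hosts": hosts}
        for metric in METRICS:
            mu, sigma = baselines[user][metric]
            z = (observed[metric] - mu) / max(sigma, std_floor)
            if abs(z) >= threshold:
                alerts.append({"user": user, "date": date, "metric": metric,
                               "value": observed[metric], "z": round(z, 1)})
    return alerts


if __name__ == "__main__":
    for alert in detect_anomalies(SAMPLE_LOG, build_baselines(SAMPLE_LOG)):
        print(alert)
```

Only alice's last day is reported, once for record volume and once for host count; bob's steady activity never crosses the threshold. The warm-up window is the weak point of this approach: if a user is already misbehaving while the baseline is being learned, that behaviour becomes "normal", which is why production tools keep re-learning baselines and cross-check them against peer groups.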
Solutions that protect information
Many security experts are unsure that total data breach prevention is possible. However, a comprehensive, multi-layer approach adds many types of protection to your security toolkit. The multi-layer approach includes these features and capabilities:
- Database firewall, a software appliance that looks for unauthorized access to your information and protects against attacks on sensitive information stored in databases.
- Data masking and encryption, which hide or alter sensitive data or make it useless to intruders, even if it’s extracted from your site.
- Data discovery and classification services, which reveal the location, volume, and context of data stored on-premises and in the cloud.
- Database activity monitoring, which inspects data in warehouses, relational databases, and mainframes and generates real-time alerts when policy violations occur.
- Alert prioritization, which uses machine learning to monitor security alerts and focus on the highest-priority cases.
When it’s time to defend your IT infrastructure against data breaches, there’s no reason to get nervous. There is no magic bullet against data breaches, but there are plenty of attack detection and data protection tools ready to use.
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us, she held cyber security researcher positions at a variety of cyber security start-ups. She also has experience in different industry domains, such as finance, healthcare, and consumer products.