Site icon IT World Canada

The aftermath of a data breach and how to secure your business

Featured image - cyber attack
By Greg Young
Vice-president of cybersecurity at Trend Micro

 

It has been over a year since Canadian businesses have been mandated to report a cybersecurity breach. It’s no surprise that the threat landscape is increasing and breaches have become so common. But what happens to a businesses’ confidential information or customers’ personal details after a breach occurs? Where does the information go? And, because once a breach has taken place and the compromised data continues to remain susceptible to other attacks, what control – if any – do businesses or consumers have, to protect themselves from it happening again? 

Where Does it All Go?

Once private data has been stolen, it typically ends up in one of three places:

Losing Control

The reality is that cybercriminals can exploit victims of a data breach that happened as far back as half a decade, which was seen earlier this month when a new extortion campaign threatened the victims of the 2015 Ashley Madison breach. This is unsettling, but also unsurprising. Once posted publicly on the internet, private information can easily be stolen, and those who own them are left with little to no control over who accesses their data. The blackmail may not just affect the victims themselves, but also people related to them, and breached personal data can even be used to attempt to breach the companies the victims work for.

The reuse of exposed personal information can be done not just for extortion, but also for other attacks such as credential stuffing. Credential stuffing is the automated injection of breached usernames and passwords with the use of botnets in an attempt to access online services.

Taking Control and Warding of A Potential Breach

There are three important steps that businesses must take in order to maintain control and prevent being impacted by a potential cyber breach:

Today’s threat landscape is so wide and varied, it requires round-the-clock monitoring, full visibility into IT environments and a multilayered approach to keep hackers at bay.

 

Exit mobile version