Personal information: do you really know who has access to the personal information you are holding?

Do you know how much personal information your organisation holds? Where it lives? How it is stored? Who has access to it? And how, or even if, you can determine whether or not it has been accessed inappropriately?

Implications of data breaches

Since the introduction of the General Data Protection Regulation by the European Parliament in 2016, there has been a growing global shift in the way people expect their information to be handled: that it is kept private, that access to it is regulated, and that control of personal information is put back into the hands of each individual.

In New Zealand, the Privacy Act 2020 states that the Privacy Commissioner should be notified when a data breach occurs, and the breach has caused (or is likely to cause) serious harm to an individual.

The current breaches in Australia where customer data was stolen, along with other recent examples such as TikTok and the Australian Federal Police (AFP), are a timely reminder of the significant and far-reaching impact of breaches, and that no one is immune from the threat of a data breach, not even large tech companies and law enforcement agencies. They also show that while the data organisations hold varies, it may still present an enticing target for cyber criminals.

The breaches we often hear about are big, sophisticated and can have an impact on a large number of people. However, breaches take many forms; they can also be small and inadvertent, for example:

  • a copy of a payroll report being saved to a company shared drive that everyone has access to;

  • an email being sent to the wrong person;

  • a phone left at a coffee shop; or 

  • paper being left in the printer.

No matter how the breach occurs, the threat to data and personal information is real and ever-present.

The fallout from these events is a loss of trust in the organisation, which can have crippling and long-lasting effects. When people provide their personal data, they expect it to be kept safe, used only when required, for the purpose it was provided, and by people authorised to do so.

Challenges in tackling breaches

In our work assisting both individuals and organisations responding to malicious breaches caused by cyber criminals, as well as to accidental breaches, we have found a consistent and common theme: organisations do not fully understand the scale, sensitivity and complexity of the information they hold, where it is, and who can access it.

The most critical steps in any breach, and those that allow your organisation to begin its response, are:

  • understanding what has happened;

  • creating a timeline for the breach; and

  • defining the information and systems that have been impacted.

The key part is having the right monitoring in place to identify when a breach occurs and to help define its scale. A 2022 study found that the average time to detect and remediate a breach is 277 days, with the cost rising the longer the breach goes undetected.

The best source of information for understanding the nature and extent of any breach is the logs of activity. Logs record the activity undertaken on or using a given system; for example, logs from a file share might record who accessed which files, and when.

Unfortunately, experience has shown us that logs are often not enabled, or, if they are, they are not retained for long enough, or not for the systems compromised in the breach. Logs from key locations allow the timeline to be created and the scope and scale to be defined; they form the basis of your evidence for answering: When did the breach happen? How did the attackers gain access? Do they still have access? What information did they take? Where did they send it? Has the information been leaked? And sometimes even, who was responsible?
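As an added illustration (not from this article, and not PwC's own tooling), the following Python script shows what the logs described above make possible once they exist: it builds a timeline from a constructed set of file-share audit log lines, lists who accessed which files and when, flags accesses that fall outside a hypothetical access policy, and checks whether the retained logs reach back far enough to cover the suspected start of the incident. The log format, the sample entries and the policy are all assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample of file-share audit log lines (not real data):
# "<UTC timestamp> <user> <action> <path>"
LOG_LINES = """\
2024-03-01T09:02:11Z alice READ /shared/finance/payroll_march.xlsx
2024-03-01T09:05:40Z bob READ /shared/finance/payroll_march.xlsx
2024-03-01T09:07:02Z bob COPY /shared/finance/payroll_march.xlsx
2024-03-02T14:20:55Z carol READ /shared/hr/contracts.pdf
2024-03-03T08:15:00Z bob READ /shared/finance/payroll_march.xlsx""".splitlines()

# Constructed (hypothetical) access policy: who is meant to handle each file.
AUTHORISED = {"/shared/finance/payroll_march.xlsx": {"alice"},
              "/shared/hr/contracts.pdf": {"carol"}}

def parse(line):
    """Split one audit line into (timestamp, user, action, path)."""
    ts, user, action, path = line.split(maxsplit=3)
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, action, path

def timeline(lines, paths):
    """Events touching the files of interest, oldest first."""
    return sorted(e for e in map(parse, lines) if e[3] in paths)

def scope(events):
    """Who touched which impacted files, and the window of activity."""
    by_user = defaultdict(set)
    for _, user, _, path in events:
        by_user[user].add(path)
    return {"users": {u: sorted(p) for u, p in by_user.items()},
            "first": events[0][0], "last": events[-1][0]}

def inappropriate(events, authorised):
    """Accesses by users who are not authorised for that file."""
    return [e for e in events if e[1] not in authorised.get(e[3], set())]

def covers(lines, suspected_start):
    """Logs only reach back to their oldest retained entry; if that is later
    than the suspected start of the breach, the early activity is lost."""
    return min(parse(l)[0] for l in lines) <= suspected_start

if __name__ == "__main__":
    events = timeline(LOG_LINES, set(AUTHORISED))
    for ts, user, action, path in inappropriate(events, AUTHORISED):
        print(f"{ts:%Y-%m-%d %H:%M} {user} {action} {path}")
    print(scope(events))
    print("logs cover suspected start:", covers(LOG_LINES, datetime(2024, 2, 20)))
```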

Read Personal Information - Immediate actions to take on a breach to learn more about the immediate actions to take after a breach.

Contact us

Stephen Drain

Partner, PwC New Zealand

Tel: +64 21 196 2500

Philip Riley

Director, PwC New Zealand

Tel: +64 22 366 3314
