Data is the lifeblood of today’s enterprises. No matter an organization’s size, specialization, or sector, its operations depend upon storing, handling, processing, and transmitting data.
What’s more, much of the data your organization stores is considered sensitive and is therefore a target for data breaches and compromise. Failing to adequately secure your crown jewels can prove to be a costly mistake.
According to the Cost of a Data Breach Report 2021, the average cost of a breach rose 10% from 2020 to 2021, reaching $4.24M USD—equivalent to about $160 per record. These costs were determined by accounting for the expenses of process-related activities across four cost centers:
Interestingly, the cost of a data breach is also impacted by variables such as maturity of the cybersecurity posture, adoption of remote work, and the use of ransomware:
To avoid incurring the costs associated with successful data breaches, you must understand the risks associated with the sensitive data your organization has access to, which starts with recognizing what data you possess, and what TTPs attackers will employ to access it.
Once you understand this, your cybersecurity team can prioritize the protection of the data and attack vectors to ultimately reduce the probability of the data breach, avoid the associated potential loss, and reduce your overall risk profile.
Sensitive data encompasses a wide range of information and records, including:
In recent years, owing to the rise in cybercrime and data breaches, regulators have adopted clearer definitions of sensitive data, have tightened up the rules governing its processing, and have enforced penalties against organizations that fail to meet the requirements. For example, the European Union’s General Data Protection Regulation (GDPR) considers the following personal data to be “sensitive” and therefore subject to specific processing conditions:
While a subset of industries, such as healthcare, finance, and legal services, receive most of the attention (and generate most of the data breach headlines), the breadth of information that’s considered sensitive means that essentially every organization actually collects or processes it.
And that means practically every organization—no matter the size—is a target for data breaches.
Cyberattacks targeting sensitive data are widespread—but why is that the case? While it comes down to money, cybercriminals target sensitive data because it’s valuable to their operations both as a revenue source and as a direct enabler of malicious actions.
First, using ransomware attacks to make crucial information unavailable continues to generate impressive returns for cybercrime gangs, with the average ransom across all industries reaching $570,000 in the first half of 2021—an 83% increase over 2020.
Cyberattackers also routinely employ double- and triple-extortion tactics to compel their victims to pay not only to decrypt their files and data, but also to prevent the publication of PHI/PII—thereby possibly avoiding regulatory fines and keeping the event out of the public eye.
Second, whether the victim pays the ransom or not, the attacker may use the stolen data to advance their own activities and sell it on cybercrime marketplaces:
Unfortunately, the proceeds serve as fuel in the engine of cybercrime, self-funding extensive operations and ongoing research into new ways to victimize organizations. Leveraging this ecosystem of experts and ransomware-as-a-service reduces operational costs and accelerates the cybercriminals’ time to market, while leading to growing ransoms and ever-increasing revenue. Dropping operational costs and increasing revenue creates bigger profits, and cybercriminals will always follow the money.
Beyond the profit motive, there are two other reasons why the risks associated with sensitive data are growing: increased means and opportunity.
First, although cyberattacks are nothing new, cybercriminals continue to evolve their Tactics, Techniques, and Procedures (TTPs). For example, while ransomware attacks used to be opportunistic, today we see sophisticated operations that target high-value victims and combine automated elements with manual activities. The gangs behind these cyberattacks are organized, well-run, and even leverage role specialization to expand the reach and velocity of their campaigns. What’s more, the rise of ransomware-as-a-service and affiliate marketing models has made it even easier for new operators to break into the cybercrime market.
Second, the unfortunate reality is that cyberattackers have no shortage of attack vectors, due to a combination of factors, including:
How to secure sensitive data and reduce cyber risk
We live in a world where people constantly share personal information online, giving threat actors endless opportunity and time to use personal data as a key that allows easy entry into a target network. So, when thinking about data security, it’s important to consider the probability of your traditional perimeter defenses being bypassed by hackers and how prepared your team is to protect against sensitive data theft.
The foundation of any effective cybersecurity program is recognizing that cyber threats are business threats. For most organizations, the best way to direct scarce resources with the goal of reducing cyber risk over time is to adopt a risk-based approach to cybersecurity, rather than a maturity- or compliance-based approach.
To get started with a risk-based approach, organizations can perform a risk assessment to determine all the relevant factors that will shape their program: vulnerabilities, threats, industry factors, regulatory guardrails, and so on.
It’s also important to understand your sensitive data risks. While this may seem obvious, asking a few questions may lead to some surprising answers. For example:
Many devastating cyberattacks begin with a phishing email that tricks a user into helping the threat actor. To counter this threat, organizations should provide employees and extended team members with some form of Phishing and Security Awareness Training (PSAT) as an important element of their cybersecurity program.
Effective programs leverage realistic threat scenarios to foster context-relevant (e.g., tailored to your industry and organization) cybersecurity awareness—ultimately driving behavioral change that reduces your risk by building a culture of cyber resilience.
Reducing the cyberattack surface is a crucial element of making it harder for threat actors to break into your environment, and a comprehensive vulnerability management program is a cost-effective way to do so.
A great program includes continuous awareness of the threat landscape (e.g., from advisories, notifications, cyber news, etc.), vulnerability scanning to understand which systems are inadvertently exposed, and disciplined patch management.
A study commissioned by eSentire shows that it takes a cyberattacker only 20 hours on average to breach an IT environment, locate sensitive data, and exfiltrate it. That means organizations have very little time to stop an attacker who breaks in—and that’s why engaging a Managed Detection and Response (MDR) provider is so important.
MDR leverages multi-signal coverage of the attack surface to quickly identify cyber threats that bypass existing defenses, triggering a combination of automated and human-led response to contain threats before they can become business-impacting events.
Like money in a bank, data is the currency of cybercriminals. Given its high value and importance to both an organization and its customers, it’s easy enough to extract payments from victims of a data breach, especially since this data can be sold in cybercrime marketplaces and employed in subsequent cyberattacks.
To learn how eSentire can help you identify and contain cyberattacks early in the attack chain and prevent attempts to exfiltrate sensitive data, book a meeting with us now.
eSentire is the Authority in Managed Detection and Response, protecting the critical data and applications of 1500+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk, and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts & Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services. For more information, visit www.esentire.com and follow @eSentire.