Data Breach or Cyber Incident?
by David Wren
I’m a huge fan of America’s native spirit, bourbon. My wife and I enjoy a few trips a year to bourbon country (Kentucky) to visit some of our favorite distilleries and hopefully find a few rare, hard-to-get bottles to bring home and enjoy with our friends and family.
On May 4, 1964, the United States Congress recognized bourbon as our country’s national spirit, a unique product exclusively produced in the U.S. Much like scotch comes from Scotland, bourbon is all American. There are rules and regulations for producing and advertising bourbon. Otherwise, it would simply be whiskey (or whisky without an ‘e’ in some countries) -- hence the saying, “All bourbon is whiskey, but not all whiskey is bourbon.”
What are these bourbon rules and regulations? Here are the basics. Bourbon must be made using at least 51% corn, distilled to no more than 160 proof, aged in a new, charred oak barrel, and placed into the barrel at no higher than 125 proof. Only whiskey produced in the United States following this method can be labeled bourbon.
Technically speaking, bourbon has no age requirement. However, additional legal requirements in the “bourbon universe” further define categories that you may see on bourbon labels. Examples include “straight bourbon,” “bottled in Bond,” “aged 10 years,” and even “double oaked.” They are finished in a different style of barrel or in a barrel with staves for greater complexity in flavor and richness.
As you can tell, I have a passion for our native spirit and a similar passion for cyber security. Over the past several weeks, my team and I have been busy working several “cyber incidents.” Typically, we work on two or three per month, and occasionally we go a month without working on one at all. However, in the past month, we have worked on more than a dozen. Fortunately, in these cases, there was no “data breach.”
When our team arrives, we commonly hear, “We’ve been hacked,” or “We’ve been breached.” As you can imagine, there is often a level of panic given the uncertainty of such events.
Using proper terminology and clarifying the interpretation around an event are critical, and our team is prepared and trained to handle both. By definition, a “cyber incident” is an event that could jeopardize the confidentiality, integrity, or availability of digital information or information systems. Furthermore, a cyber incident leads to a violation of an organization’s security policies, puts sensitive data at risk of exposure, and can compromise the functionality and availability of network resources.
A “data breach” is a specific type of security incident. Much like bourbon, “All data breaches are security incidents, but not all security incidents are data breaches.” A data breach exposes confidential, sensitive, or protected information to an unauthorized person. The breach needs to be confirmed through some level of forensic analysis, and the inspection will show what data were compromised and the extent to which the actor was able to gain access.
There are rules around data breaches. These rules can vary by state, contract, vendor, insurance carrier, and so on. No organization is immune to the risk of a cyber incident or data breach, and both can be very costly. One of the most important steps you can take is to be prepared.
Understand the risk to your organization and the potential impact of both a crippling cyber incident, where your email or other systems may be down for several days, and a full data breach, which requires a notification to be sent to all your clients and business partners.
A couple of years ago, a large organization that was under a sustained, crippling distributed denial-of-service (DDoS) attack called our office for help. They had contacted their service provider and a couple of other security firms for recommendations, which ranged in cost from tens of thousands of dollars per month to more than $200,000 per year. We were able to give them relief within an hour, and we fully remediated the problem with improved operational efficiency for around $500 per month.
I tell this story because that organization was unprepared. When they called their carrier and other service providers for help, they were in a panic. That panic translated into opportunity for the carrier and service providers, and their rates were exorbitant. Too often, we come across organizations that called others for help in a time of need, and we find they were overcharged and underserved.
We expect the current trend of increased cyber incidents to continue through 2021. There are simple steps you can take to protect your organization and clients, some of which we have covered in previous articles. Developing and implementing a good cyber security plan can save you tens of thousands of dollars, help you to be prepared, and point you to the best people to call and the best time to call them.
David Wren, CISM, is President of Network Technology Partners, a regional Cyber Security Intelligence firm headquartered in St. Louis, Mo. He can be reached at dwren@ntp-inc.com.