Mean Time to Response (MTTR) is one of the most important aspects of any cybersecurity organization. The recent breach at Blackbaud, a cloud software company that helps non-profits to support their philanthropic efforts, has had serious ramifications on the company, the non-profits that they serve, and the donors that support them across their digital supply chain.
The incident has now been reported to have started on February 7, 2020, was not detected until May 20, 2020 and not reported to those affected until July 23, 2020. The number of higher ed and non-profit institutions that have apparently been affected continues to rise, the last count being some 125 organizations in the US, UK, Canada and others. These organizations are now having to notify their donors that their information may have been compromised.
Blackbaud stated that they “learned of and stopped” a ransomware attack on July 16, 2020, but they actually paid a ransom and believe that the copy of stolen information was destroyed.
The time between the actual start of the breach at Blackbaud and detection of the breach was 104 days. The time to remediation was 58 days. This gave the criminals unfettered access to freely find and exfiltrate data.
Costs of a Data Breach are Staggering
A recent IBM report (Cost of a Data Breach report 2020) states that on average, companies take about 197 days to identify and 69 days to contain a breach, that the cost of a breach goes beyond the amount of data lost or disclosed depending on the time it takes to find it, and this lengthy amount of time costs businesses millions of dollars.
Companies that contain a breach in less than 30 days save more than $1 million in comparison to those who take longer. Companies also face major fines if they take too long to disclose the breach. Under GDPR, companies must report a significant breach within 72 hours of learning of the incident or face fines, this clearly did not happen with Blackbaud. The IBM report goes on to say in total, a data breach costs about an average of $3.86 million. In addition to financial loss, brand and reputation can be negatively impacted.
Reducing Mean Time to Response with Automation
The IBM report states that technology is another element that plays a big factor in a company’s response time, security automation in particular. Security automation can dramatically reduce the amount of time that security teams take to remediate a breach such as this.
Automating security tasks enables the automation of time-consuming tasks to allow security analysts to focus on the larger and more substantial problems. Automation also eliminates the chance of human error and increases your chances of detecting a security threat.
IBM also found that companies that fully deploy security automation have an average breach cost of $2.88 million whereas companies without automation have an estimated cost of $4.43 million.
Speed Detection and Response with DTonomy AIR
DTonomy AIR augments analysts with automated workflows to reduce the time spent on repetitive tasks and frees them to focus on more important complex issues. The system discovers patterns, makes predictions, prioritizes alerts and recommends actions.
A quick, accurate and coordinated response is imperative to minimize damage from any sort of breach. Using automation, analysts can more quickly identify malicious behavior, prioritize and focus on the most dangerous alerts, and respond and remediate more rapidly and intelligently.
We are pleased to announce that DTonomy is now part of Stellar Cyber. The integrated solution will enhance cyber threat detection and response automation!