Facing into a breach (and the ICO!)…


It’s happening!

The whole world is now in agreement on a seriously uncomfortable truth; if your business has not yet suffered a breach, you are not far off from facing one. In fact, over 85% of UK businesses have suffered some form of data breach in the last 12 months alone (1). It’s now not an if, but a when. This is a deeply awkward reality for business leaders. Right now, in the UK alone, there are 30,000 open breach cases with the ICO (2).

The question that everyone, at almost every level of business is asking right now are; could there be any way in we can reduce the cost of a breach operationally, reputationally and commercially. And I believe, that after many years of searching, I have some meaningful answers!

Forget proactive defence!

So, let me quantify this. Please don’t actually forget about your proactive threat posture. I’m absolutely not suggesting you bin off antivirus and firewalls. But I am saying that despite all the claims from the big players, your main threat actors aren’t looking at the firewall as a point of interest. It’s merely a doorway into the data that lies beyond.

When you report a breach to the ICO, they will of course want to know that you actually had fit-for-purpose firewalls, passwords, antivirus and everything else in-between. But they also want to know what it is that was stolen. And this is where a huge chunk of resources end up being consumed; because up until recently, it was a desperate job trying to understand where the hacker ended up, and what they may have accessed.

Imagine finding, after hours of painful forensic investigation that a threat actor gained accessed to an on-prem Windows file share server. A file share that contains 10,000 folders and 2,700,000 million files? Statistically speaking, many organisations believe that 75% of that data is dark and won’t have been accessed in years (3). And it will absolutely contain customer data, PII and sensitive internal data too. But, how much? What’s the exposure? How do you possibly start? Other than deploying a team of people to start double clicking through folder structures and painstakingly opening every document to review, item by item?

What’s the answer?

The specific answer you’re missing is called Exonar Reveal. In a short window of time, the Exonar Reveal platform will ingest, analyse and index all your data. And provide at a glance, simple results that show you exactly what data you had stored in any given location. Number of files? Check. PII present? Check. Company sensitive information? Check. Size of objects? Check. Total risk profile? Check. Ethnicity, credit card details, religion, email addresses, physical addresses, national insurance numbers…check check check!

We can highlight exactly what content is stored in every file, at every location and aid your organisation to very quickly report on PRECISELY what has been taken.

Imagine the difference it could make to the commercial impact of a fine from the ICO. Were you able to provide evidence that the data you lost was absolutely not going to compromise any customer or employee privacy rights?

Imagine the reduction in costs associated to employee productivity if tooling could drive out hundreds of hours work that provided only partial responses to the business needs?

Imagine the difference it could make to your reputation, with the market were you able to demonstrate to your suppliers, customers and employees that, despite a breach, their data and their privacy is safe in your hands?

You don’t need to imagine this reality anymore. It’s here. It’s Exonar Reveal.

1) https://www.dbxuk.com/statistics/data-breach-statistics
2) https://ico.org.uk/action-weve-taken/data-security-incident-trends/
3) https://priceonomics.com/companies-collect-a-lot-of-data-but-how-much-do/