What would be the impact if your data ended up in the wrong hands? Someone or organization that was able to actually do something with the information that you have on your systems. What would they do? Could they profit from it? What would happen to you? your customers? your image?
The initial breach itself typically has a minimal impact. Most would think that this would be the biggest issue, the interruption. The fact is the goal is not to interrupt, not to alert you that something has or is happening. After the data has been taken the intruder will likely “hang out” and see what else they can do. Once the data has been sold or exhausted for its value that is when phase two occurs.
This when the sale of the data takes place. I recall a small credit union calling us one day because several of their clients were coming into their offices and claiming that money was taking from their accounts. There were a flood of people coming in! This still wasn’t the most costly phase!
The intruder will then start to use your systems to try to break into other systems, host spam engines, host images like pornography and other activities that cause havoc and interruptions. This still is not the worst part! Once the dust has settled and your network is put back together you might not even know that your data was taken because it wasn’t! That is correct, they didn’t take the data they took a copy so you don’t even know until the next phase.
The last phase is when your clients leave because they don’t trust your system. This is typical of the high-profile clients that have to deal with compliance and regulations and just can’t continue to operate their business with your organization as their vendor. Yes, the high-profile clients probably represent the top 20% of your client base and probably 80% of your revenue.
We have witnessed this with small businesses here locally and certainly we have all heard of the high-profile large companies that have been compromised and been through all four phases. Some have suffered repeats of the same because they still didn’t take the appropriate and necessary actions. It is even worse when the intruder doesn’t leave a copy and actually destroys or deletes the data and the business then discovers that their data hasn’t been backing up even though they thought t was.
What would happen if you lost 80% of your revenue and had the reputation of having an insecure system?