We examine the catastrophic impact a data breach can have on a charity – and how one leading charity found a way to mitigate the risk
This article is sponsored by Skurio, innovative cyber security and digital risk management experts.
Over the last few years, organisations of all kinds have experienced a significant change in the information security landscape. New data privacy regulations require increased compliance and diligence, with major penalties.
These pressures weigh even more heavily on charities, which have a legal and ethical duty to do everything in their power to protect sensitive user data, particularly that of vulnerable service users.
Digital transformation and the emergence of cloud-based services have further increased the complexity of IT infrastructure, making you reliant on multiple third parties to keep your data safe.
And, as security measures have become more sophisticated, cyber criminals have adapted to overcome them. The threat landscape has grown: there are more attacks, and many are more personalised and targeted than before.
The public are becoming more aware of high-profile data breaches, making privacy and security key to maintaining supporter trust and loyalty. Again, this is even more important in the charity sector than the world of business, with many charities relying upon their reputation to raise vital operational funds.
All this means that protecting your data within your network alone is no longer enough. You need to protect your data wherever it lives.
There are four key types of user data that must be protected:
Many charities have undergone a process of digital transformation in recent years, becoming far more data-driven in the pursuit of greater efficiency.
In these organisations, data is used to help define strategy, improve customer experience, accelerate research and development, drive recruitment and much more. It has become a vital operational component.
But if this data is leaked, stolen or otherwise given to criminals it can significantly impact your charity.
In the past, you knew precisely where your data was. Today, your data is everywhere, and it lives in three types of locations.
On premise
Keeping control of on-premise data is straightforward enough. You probably already have systems in place to manage data security inside the firewall. Cloud services add further process and complexity, but the data is still under your contract.
When data leaves the business, things start to get tough. Requiring suppliers to conform to standards is a good first step; ongoing enforcement is harder, not least because your partners and suppliers rely on third-party suppliers of their own. Each link in that chain increases digital risk further.
To top it all off, data could be stored on personal devices or shared by email over insecure networks. All of this means that your data could end up in other locations without your permission, your knowledge, or your protection.
So how do you keep up?
Broadly speaking, data breaches fall into one of two categories:
The first of these is human error. Staff who work for you or your partners may accidentally lose data. A mis-addressed email or a lost phone can happen to any organisation. Information incorrectly distributed or lost is the biggest cause of personal data breaches in the UK.
The second type of threat is a malicious attack. These take many forms depending on the attacker's motivation, which could be to harm your reputation or operations, or simply financial gain. Bad actors can even include a former employee holding a grudge. Even if you have fantastic security and faultless processes, your organisation can still be attacked through its supply chain.
How do you know if your data is already out there? Most likely you won't, because most businesses rely on a single type of security solution: tools focused on defending the network, and the data inside it, from external threats. This is where Digital Risk Protection comes in: looking for your data, and for threats to your data, outside the firewall and beyond your network.
Breast Cancer Now is the UK’s largest breast cancer research charity, having merged with Breast Cancer Care in 2019. It focuses on making a world where everyone who develops breast cancer will live, and live well, a reality by 2050.
To this end, the organisation is funding almost £25 million worth of cutting-edge research and directly supporting nearly 380 scientists. The organisation collects donations through gifts, fundraising, corporate partnerships, special events and more.
Given that Breast Cancer Now handles the personal and financial details of thousands of donors, data protection is a huge priority for the organisation.
A data breach is a reputational risk that could have a significant negative impact on the charity’s future fundraising activities and its ability to deliver on its goals.
Because of this risk, the IT team needed to improve its ability to detect if and when a breach had occurred. During the team's planning for compliance with the General Data Protection Regulation (GDPR), it decided to deploy a mechanism that would notify the team if any of the organisation's data was breached.
“We wanted to go into GDPR with our eyes wide open. It quickly became apparent that the ability to detect if we had been breached was a key capability. We needed to be able to react more quickly in the event of a breach and keep our donors’ data safe.”
- Brigid Macdonald - IT manager, Breast Cancer Now
The organisation then considered Skurio’s BreachAlert solution, which proactively monitors the open, deep and Dark Web for data belonging to the organisation — alerting the IT team if data appears anywhere it shouldn’t, indicating a breach.
This real-time monitoring capability exactly matched Breast Cancer Now’s requirements and desire for peace of mind when it came to data protection. As a result, the organisation went ahead with implementing BreachAlert.
Breast Cancer Now went live with BreachAlert in May 2018. The platform was adopted by the organisation's IT and data teams as part of its GDPR programme, and was immediately backed by the GDPR direction board following recommendations to address the breach identification and notification process.
As Breast Cancer Now’s primary breach detection solution, BreachAlert searches for the charity’s domain information appearing on the open, deep and Dark Web — including legacy companies, email addresses, IP address ranges and keywords.
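The matching criteria listed above (current and legacy domains, email addresses, IP address ranges and keywords) are the core of any breach-monitoring watch list. The script below is an added example, written for this article and not Skurio's or Breast Cancer Now's code, showing how such a watch list is applied to text collected from a paste site or forum. It does not collect anything itself: the "paste" is a constructed sample embedded inline, the watched domains are hypothetical, and the watched network is the 203.0.113.0/24 documentation range. It also separates a credential pair (email plus secret, the usual shape of a combo list line, and the kind of post that preceded the unauthorised Office 365 login described below) from a bare mention of an address, because the two call for different responses.

```python
import ipaddress
import re
from dataclasses import dataclass

# Hypothetical watch list for a charity: its current and legacy domains, the
# public IP range it announces, and brand keywords. All values are made up.
WATCH_DOMAINS = {"examplecharity.org.uk", "legacycharity.org.uk"}
WATCH_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]  # TEST-NET-3, documentation range
WATCH_KEYWORDS = {"examplecharity", "legacy charity"}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# An email at the start of the line, a separator, then a secret: a combo-list line.
CRED_RE = re.compile(r"^\s*([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})\s*[:;|]\s*(\S+)")

# Constructed sample of the kind of post a monitoring service would collect.
SAMPLE_PASTE = """\
# combo list dump (constructed sample, not real data)
alice@examplecharity.org.uk:Winter2018!
bob@mail.legacycharity.org.uk;hunter2
carol@unrelated.example.com:letmein
open rdp on 203.0.113.45 port 3389
open rdp on 198.51.100.7 port 3389
contact: press@ExampleCharity.org.uk
selling ExampleCharity donor list, 12k rows
"""


@dataclass(frozen=True)
class Alert:
    line_no: int
    kind: str   # "credential" (email + secret), "email", "ip" or "keyword"
    value: str


def domain_is_watched(domain: str) -> bool:
    """True for a watched domain or any subdomain of one (mail.example... etc)."""
    d = domain.lower()
    return any(d == w or d.endswith("." + w) for w in WATCH_DOMAINS)


def scan_text(text: str) -> list[Alert]:
    """Apply the watch list line by line; one alert per distinct hit per line."""
    alerts: list[Alert] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        line_alerts: list[Alert] = []
        seen_emails: set[str] = set()

        # Credential pair first: it is the highest-value finding on a line.
        m = CRED_RE.match(line)
        if m and domain_is_watched(m.group(1).split("@")[1]):
            email = m.group(1).lower()
            line_alerts.append(Alert(line_no, "credential", email))
            seen_emails.add(email)

        # Any other watched address mentioned on the line.
        for m in EMAIL_RE.finditer(line):
            email = m.group(0).lower()
            if email not in seen_emails and domain_is_watched(m.group(1)):
                line_alerts.append(Alert(line_no, "email", email))
                seen_emails.add(email)

        # IPv4 literals inside a watched range (ip_address rejects octets > 255).
        for m in IPV4_RE.finditer(line):
            try:
                addr = ipaddress.ip_address(m.group(0))
            except ValueError:
                continue
            if any(addr in net for net in WATCH_NETWORKS):
                line_alerts.append(Alert(line_no, "ip", str(addr)))

        # Keywords are the noisiest signal, so only raise them when nothing
        # more specific already matched on this line.
        if not line_alerts:
            lowered = line.lower()
            for kw in sorted(WATCH_KEYWORDS):
                if kw in lowered:
                    line_alerts.append(Alert(line_no, "keyword", kw))

        alerts.extend(line_alerts)
    return alerts


if __name__ == "__main__":
    for a in scan_text(SAMPLE_PASTE):
        print(f"line {a.line_no}: {a.kind:<10} {a.value}")
```

Run against the sample, the scan raises two credential alerts (one via a subdomain of the legacy domain), one IP alert, one bare-address alert and one keyword alert, and ignores the unrelated address and the out-of-range IP. A credential alert for a live account is the case to act on immediately: force a password reset and review sign-in logs for that user, which is exactly the window the charity says it would have used had the alert arrived before the login.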
“We have found implementing BreachAlert a seamless process from start to finish. The platform itself is quick to set up and very intuitive, making it easy to create notifications and search its historical database. The analysts and support team are always on hand to assist with any questions we may have.”
- Brigid Macdonald - IT manager, Breast Cancer Now
The results of BreachAlert were almost instantaneous for Breast Cancer Now. Before going live with the solution, the charity had been alerted by Office 365 to an unauthorised sign-in to its systems. During the proof-of-concept phase, BreachAlert identified the Dark Web post that was the source of the credentials used in that unauthorised login.
“If BreachAlert had been in place prior to this threat, we could have put relevant measures in place internally, mitigated the threat and ultimately prevented the unauthorised login before it happened.”
- Brigid Macdonald - IT manager, Breast Cancer Now
Early detection of breached data is one way in which organisations can prevent account takeovers and unauthorised access. Automated solutions that work around the clock provide faster detection than periodic manual checks.
Data breaches damage the reputation of any organisation affected. Monitoring for data breaches and external cyber threats helps to maintain trust with your stakeholders.
Few organisations have the skills and budget to maintain a fully staffed and tooled security operations centre. Cloud-based solutions that can be quickly deployed and easily used by existing staff with no cybersecurity expertise have significant benefits.
The impact of a data breach is expensive for an organisation's reputation as well as its finances, yet the average time to detect a breach is 197 days. Skurio solutions monitor for your data across the surface, deep and Dark Web 24x7. Instant alerts mean that you can detect breaches sooner and react faster.
Learn how your charity can access Skurio at a discounted rate