Under the upcoming EU GDPR, notification of breaches forms a key part of the new regulation. First of all, let's refer to the official terminology:

Article 33: Notification of a personal data breach to the supervisory authority

In the case of a personal data breach …the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority…

Article 34: Communication of a personal data breach to the data subject

When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.

So why is this important?

Aside from the regulation, detecting a breach is incredibly important for two main reasons:

1 – How can you respond to something you don’t know exists?

2 – The longer a threat persists, the more damage will be done.

Let’s compare this to physical security for a moment. On a house you could fit the most secure windows, doors and locks, significantly reducing the chance of being burgled. However, does this completely eliminate the chance? Absolutely not! So, in addition, you install an intruder alarm. That way, if anybody does try to break in, you are notified immediately, allowing you to respond accordingly and stop them from causing any damage. It’s exactly the same in data security: despite everything you can and should do to protect your data and infrastructure, there is always a risk of attack.

How can this be achieved?

Gartner recently advised that the average time taken to detect a cyber attack was an astonishing 205 days, with an additional 80+ days to respond. The potential damage that could be done in that time frame is alarming, to say the least. This kind of research has drawn a great deal of attention to the need for enterprises to put in place more effective ways of detecting potential attacks. With the GDPR specifying a notification time of 72 hours, a lot of enterprises are currently reviewing how this can be achieved.

The number of potential indicators and false positives presented to IT teams is frankly overwhelming. What they really need is the ability to detect and respond to breaches faster and with greater intelligence. Detection methods must scale to cover a massive increase in lateral (east-west) traffic inside the network. When a potential threat or breach is detected, automated tools can then be used to help teams understand it and prioritise their response. The good news is that we have recently seen big investment and development in this area. With a number of tools available that can help achieve this goal, the choice of which tool or tools an enterprise should adopt depends wholly on the people, processes and technology within that particular company, and on subsequently finding an overall solution which is appropriate and fit for purpose.