Anatomy of aBreach

Today’s biggest heists might not look like the movies.

But rest assured, I’m just as destructive. I’m better organized and more sophisticated. I target more than just a single enterprise; I can cripple an entire industry. There’s more at stake than ever before: business disruption, data loss, intellectual property damage, and financial gain. Before you can stop me, it’ll take you days to even notice I’m there—99 days, on average.

In fact, most breaches go fully undetected and remain completely invisible—I’m probably already there. How do you plan on stopping me?

$0 usernames and passwords were compromised in 2016.

In 2017, the average amount paid for each lost or stolen record containing sensitive or confidential information was USD $141.

Can you catch potential threats before it’s too late?

The total cost of a data breach increased from 2013–2016 by 0%.

A ransomware attack in January 2017 shut down Maersk Line’s systems for 20 hours, costing the company $2.9 million dollars per hour, or a total of $59 million dollars.

What does a data breach cost?

Short-term costs, related to the activities involved in the discovery and immediate response to the data breach, may include:

  • Conducting investigations and forensics to determine cause
  • Incident response and recovery
  • Making system updates and security fixes
  • Conducting communication and public relations outreach
  • Preparing documents and disclosures to victims and regulators
  • Implementing call center procedures and specialized training
  • Lost revenue for impacted services
  • Lost productivity for using additional resources from other departments
  • Overtime costs for employees
  • Third-party vendor escalation support

Long-term costs, usually incurred in the aftermath of the breach, may include:

  • Lost customer trust
  • Impacted stock price
  • Free or discounted services offered to victims of the breach
  • Identity protection services
  • Lost customer business based on calculating customer churn or turnover
  • Customer acquisition and loyalty program costs

Phase 1: The Break-In

Complex Security Measures mean big hacking opportunities:

Ignored software
update notifications
Software vulnerability
infrastructure, and software
compromising the network
Server misconfigurations

What are the biggest mobile security pain points?


Companies want a solution that detects and remediates threats according to corporate policy.


Companies want a solution that integrates with their existing network, endpoint, or ITSM platforms.


Companies want to see all threat types and affected devices.




of organizations are unsure whether their BYO or corporate devices have connected to a malicious Wi-Fi in the past.


Employee training is the first step toward preventing security breaches. In fact, 9 out of 10 firms now employ security training to assess or improve knowledge among employees.

Key access points:

icon representing email Attachments
Email attachments
icon representing email Links
Email links
icon representing social media
Social media
icon representing supply chain
Supply chain

Once I find the weakest point in your security, the rest is just a walk in the park.


Protect, Personalize, Audit

Provide consistent notifications to update your software and networks, reduce privileges or number of accounts with access, and provide training to employees to learn how to be vigilant about phishing emails.

  • Protects users' identities and controls access to valuable resources based on user risk level
  • Considers user location to trigger multi-factor authentication and conditional access policies
  • Monitors suspicious activity through advanced security reporting, auditing, and alerting
  • Employs health attestation policies that ensure devices satisfy policy requirements

See how providing protection at the front door can help your organization prevent identity compromise.
Learn More


Cyberattacks have increased in the financial services industry in recent years. If not properly set up, test environments without certificate protection that validate endpoint request access can lead to breach. In the case of a financial firm during tax season, a test server left exposed to the internet revealed the culprit. The compromised server account was a domain administrator, giving the attacker unfettered access within the network. The account was used to stage and deploy the ransomware that affected 682 systems within the network, and the attacker also accessed a domain controller.

The result? The firm had to consider all account usernames and passwords compromised.

Phase 2: The Inside Man2

Now that I have a foot in the door, I scan (network scan) for new access points for greater payoff. Anyone at your company is a target.

The most common targets are:

icon of high security folders

Employees with higher access than needed

icon of a popup requestion to update

Out-of-date systems

icon representing international companies

Companies without an official in place

Often, the only way to take control of a system is to identify system managers and impersonate their ability to manage, update, and access system resources, since these functions are typically beyond a normal user’s capability.

On the lookout for higher access privileges, I start searching for my next mark.

In just 24-48 hours I can have complete control of the network.

User accounts with administrative access
Built-in and downloadable tools
Applications and processes with administrative access
Other systems with greater administrative privileges or access to valuable data

More than60%of organizations report that they have too few information security professionals.


The supply chain is extremely vulnerable to security risks. One manufacturer discovered an intrusion into a system the company used to make service-related announcements. The hackers gained a foothold from the data loss, launching several phishing campaigns to gain access to everything from corporate credentials to social media login information to remote access authorizations.

They used a malicious Word document to leave a backdoor on more than 800 systems, including many high-value servers and domain controllers. The attackers used the captured credentials to live off the land (and hide in plain sight in the environment to access various resources).


Protect, Detect, Respond

Once attackers are in your network, they can steal information, breach your corporate privacy policy, and destroy customers’ trust. You need to understand the vulnerabilities across your company’s identity, apps and data, devices, and infrastructure in order to protect against threats and recover quickly. Stay ahead of advanced threats with a threat protection solution that:

  • Detects threats and attacks that have made it past other defenses
  • Provides key information about attacker tactics and motivations
  • Gathers detailed footprints of attacker actions from across the organization
  • Supplies information on the attack and recommends a response

Protecting your organization against threats can significantly reduce the business risk of an attack, and the difficulties that come with managing one.
Learn More

Phase 3: Spread Out

With nobody the wiser, I watch for further security weaknesses.

Before you know it, I'm everywhere with widespread access to your network.

  • icon of a warning sign and maginfying glassOdd-looking database accounts that are not questioned
  • icon of a 404 errorSlowly patched software
  • icon of a calendarNo routine security reviews
  • icon of an insecure passwordSame company-wide local administrative password for HR, accounting, and critical IT management computers
  • icon of multiple users with access to a keyAdministrative access still given to too many accounts
  • icon of an admin badgeLocal accounts used in an emergency, then left on the system for future use

Since the beginning of 2016, more than 4,000ransomware attacks have occurred every day—a 300% increase from 2015.

Identifying these tell-tale signs of an attack can keep you a step ahead of the hackers:

  • icon representing data downloadingSudden download of terabytes of data
  • icon representing files being movedLarge number of files getting moved
  • icon representing a user with a keyUsers accessing files they typically don’t access
  • icon of two drop pinsSimultaneous logins from two countries
  • icon representing failed login attemptsMultiple failed login attempts


Detect, Classify, Protect, Monitor

As employees use their own devices, accidental leaks through email, social media, and the public cloud can be out of your control. Your data management needs to be optimized for various levels of sensitivity to ensure that documents and emails are seen only by authorized people. Employ an information protection solution that:

  • Mitigates the risks of stealing via file classification, labeling, and monitoring
  • Prevents potential data leakage without interfering with the employee experience
  • Keeps employee and corporate data separate, without switching environments or apps
  • Protects existing LoB apps without requiring an update
  • Wipes corporate data from devices while leaving personal data intact

Breaches happen. Understanding how your organization can protect and monitor sensitive information can help mitigate risk.
Learn More


Companies in the shipping and transportation industry should keep a risk-based approach to cybersecurity top of mind. One shipping organization’s data was compromised via an internet-accessible legacy web application running on a dated Linux operating system.

Hackers took advantage of the fact that the shipping organization didn’t have centralized monitoring software installed. They loaded variants of NBT-scanning software and scanned for other Netbios-enabled targets, which eventually provided a pathway to the internal network. Attackers harvested domain admin-level credentials and used them to connect to roughly 15 other systems, including a domain controller in two different domains.

Phase 4: The Long Con

Thanks to deploying continuous, stealthy processes like remotely connecting to your network through a third-party, my job only gets easier with time.

Average total cost of a data breach

With a permanent backdoor or alternate mechanism installed for long-term access, I’m in your system for the long haul or leave whenever I please.

$4,130,000:Total cost of lost business for US organizations in 2017.

Lost business is an organization’s most potentially severe financial consequence.

Assume breach! My strategy’s greatest nemesis, this mindset shifts business leaders and CISOs from purely preventive security measures to detection, response, and recovery of security issues.


Service automation companies are increasingly becoming hackers’ target, particularly to cause reputational damage or to use as a stepping stone to other organizations.

Hackers compromised a domain account with local admin privileges for 1,000 machines with the ability to gain access to an additional 50,000 machines. The attackers logged on, installed a remote access tool, and dumped credentials—going undetected for three months. Machines and domain controllers revealed backdoor Trojan access using a legitimate account via VPN connection through FireWall and WinNTI Keylogger, along with privileged account exposure. Additionally, 220 instances of malware, 62 instances of ransomware, and 30 Trojan backdoors\remote access tools were detected in the environment.


Visibility, Control, Guidance

Managing distributed resources across many environments is no easy feat, especially with constantly evolving threats. More attack surfaces need to be protected. And as employees access corporate data in the cloud, you need greater visibility and control over your diverse environment and security tools. Employ a security management program that:

  • Enables various tools to communicate with each other
  • Gives customers the ability to react quickly during a breach, based on new insights
  • Helps identify high-risk and abnormal usage, as well as security incidents
  • Gives you enhanced visibility into your usage and shadow IT

Discover how a simplified, intelligent approach to security management can help you prepare for a cybersecurity crisis, and navigate through one.
Learn More


  1. M-Trends Report," 2017, FireEye/Mandiant
  2. Credential Spill Report," 2017, Shape Security
  3. Cost of Data Breach Study: Global Analysis," 2017, Ponemon Institute
  4. Cost of Data Breach Study: Global Analysis," 2016, Ponemon Institute
  5. The Maersk Cyber Attack: Wake-Up Call for the Industry," 2017, LinkedIn
  6. Testing the Defenses: Cybersecurity Due Diligence in M&A," 2016, West Monroe Partners]
  7. Mobile Security Spotlight Report," 2017, Crowd Research Partners
  8. International Trends in Cybersecurity," 2016, CompTia
  9. Global Information Security Workforce Study: Women in Cybersecurity," 2017, Frost & Sullivan
  10. How to Protect Your Networks From Ransomware," 2016, U.S. Department of Justice