There are many misconceptions about what may happen during a breach and whether or not the world will get your data after a breach occurs. There are many types of breaches that can occur, and not ALL of them would lead to your data being stolen. Some breaches are simply nuisance breaches which cause disruption to your organization, and others could be as serious as a wide-scale ransomware attack where all your data is collected and sold. There are some factors which could help you determine the extent of a breach as well as how you can minimize the damage done to your organization.

To begin, just because you’ve been breached doesn’t mean your data has been exfiltrated from your systems. You need to determine what has transpired during the breach. If you have logging and monitoring (24/7/365) of your firewall and other edge devices in place, you will be able to see what the threat actor(s) have done. Without this information, you can only assume that they’ve taken copies of everything! If you do have log monitoring in place, a forensic analysis can determine what was done, when it started, how it started, and how much data, if any, was exfiltrated.

The tool and team that you are using for monitoring should trigger an alert if nefarious behavior is detected.  This can help to isolate the issue and stop the threat actors before they are able to steal your data.  This would reduce the impact of the incident on your organization.
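One way to do the log review and alerting described above, as an added example that is not from the original article: it totals allowed outbound bytes per internal host and external destination and reports when the transfer started and how much was sent. The key=value log format, the 10.0.0.0/8 internal range and the 500 MB threshold are assumptions, and the sample lines are constructed.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in a made-up key=value format (not a vendor format).
SAMPLE_LOG = """\
2024-03-01T01:05:00 src=10.0.0.5 dst=198.51.100.7 dport=443 sent=48000 action=allow
2024-03-01T01:30:00 src=10.0.0.5 dst=10.0.0.20 dport=445 sent=900000000 action=allow
2024-03-01T02:14:00 src=10.0.0.12 dst=203.0.113.50 dport=443 sent=300000000 action=allow
2024-03-01T02:31:00 src=10.0.0.12 dst=203.0.113.50 dport=443 sent=350000000 action=allow
2024-03-01T02:40:00 src=10.0.0.12 dst=203.0.113.50 dport=443 sent=200000000 action=deny
truncated line without fields
"""

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address range
THRESHOLD = 500_000_000  # assumed alert threshold, bytes to one external host


def parse(line):
    """Return a record dict, or None if the line is malformed."""
    try:
        ts, *pairs = line.split()
        rec = dict(p.split("=", 1) for p in pairs)
        rec["ts"] = datetime.fromisoformat(ts)
        rec["sent"] = int(rec["sent"])
        rec["src"] = ipaddress.ip_address(rec["src"])
        rec["dst"] = ipaddress.ip_address(rec["dst"])
        return rec
    except (ValueError, KeyError):
        return None


def summarize_egress(log_text, threshold=THRESHOLD):
    """Map (src, dst) -> bytes/first/last for allowed flows leaving INTERNAL."""
    flows = defaultdict(lambda: {"bytes": 0, "first": None, "last": None})
    for rec in map(parse, log_text.splitlines()):
        if rec is None or rec.get("action") != "allow":
            continue  # skip malformed lines and blocked connections
        if rec["src"] not in INTERNAL or rec["dst"] in INTERNAL:
            continue  # only internal -> external traffic counts as egress
        flow = flows[(str(rec["src"]), str(rec["dst"]))]
        flow["bytes"] += rec["sent"]
        flow["first"] = min(flow["first"] or rec["ts"], rec["ts"])
        flow["last"] = max(flow["last"] or rec["ts"], rec["ts"])
    return {k: v for k, v in flows.items() if v["bytes"] >= threshold}


if __name__ == "__main__":
    for (src, dst), f in summarize_egress(SAMPLE_LOG).items():
        print(f"ALERT {src} -> {dst}: {f['bytes']} bytes, {f['first']} to {f['last']}")
```

The denied connection and the internal-to-internal transfer are excluded, so the total reflects only data that actually left the network.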

Keep in mind that even if your data is stolen, it doesn’t typically land on the Dark Web immediately after it’s been harvested. It may show up weeks, months or even years later!

While the best defense is a good offense, achieved by deploying a comprehensive defense-in-depth strategy to protect your organization and its data, you can also proactively set up monitoring of the Dark Web to see if any data from your organization appears out there for sale. Dark Web monitoring will watch for new data being sold which contains your organization’s domain name (mycompany.com). Bear in mind that you can have organizational data for sale on the Dark Web even if you have not personally been breached. Often a breach of a website such as Staples or LinkedIn can yield user names and passwords which contain your domain name. If your employees have used passwords for those sites which are the same as or similar to their domain login credentials, your organization can be at risk of a breach from that data being sold as well. If you do find any of your information on the Dark Web, best practice is to change all passwords similar to the one that has been stolen on any sites, applications or services that use it.