Data Breach Containment

Surveillance, Containment & Remediation

We provide services that minimise, eliminate and prevent the impacts of data breaches via:

  • Surveillance

  • Identification

  • Containment

  • Remediation

The estimated cost of an average data breach has risen to $4.2 million USD in 2021; however, the financial and reputational impacts on a large organization are often many multiples of this amount.

Failed processes and systems often lead to data being inadvertently released, resulting in unauthorised access to personal information.

Our specialist data breach surveillance and forensics team identifies, contains and remediates breaches - and the risk of further breaches.

We work with organisations and the relevant authorities to minimise the impact of data breaches on our clients, the national interest and the community.

We are in a unique position as we are the only cyber security company which is NAID AAA High Security Certified with Australian Government Protective Security Policy Framework (PSPF) endorsements to Top Secret.

Surveillance and forensics work is conducted in our High Security certified facility, by AGSVA cleared staff to NV2, and is kept strictly confidential. Once data is located it can usually be reverse engineered to identify the systems failure and the gaps can be closed.

We not only have high security clearances and certifications, but also work in the wider ecosystem to find data which is already breached, while at the same time providing recommendations to prevent future occurrences.

Potential impacts of a data breach to your organisation

The commercial implications of lost intellectual property or company confidential information can only be assessed by the organization itself. However, the wider impacts include:

  • Professional negligence and breach of fiduciary duties or other codes of conduct if reasonable steps to prevent the breach have not been taken or, more likely, if reasonable steps are not taken once the data breach is known to the organization.
  • The General Data Protection Regulation system can impose fines of up to 20 million Euros or 4% of global turnover (whichever is higher) for internationally trading companies.
  • Breach of the Privacy Act 1988 APP 11 and, if the elements are made out, the triggering of the potentially onerous obligations under the Privacy Amendment (Notifiable Data Breaches) Act 2017, more commonly known as the Notifiable Data Breach Scheme. A fine of up to 10,000 penalty units ($2.2 million) exists for failure to notify the OAIC within 30 days.
  • Notification of all impacted parties, which can often be entire customer lists or employees past and present, other organisations such as suppliers or contacts (who may then also need to notify) along with shareholders or other parties. A fine of up to 10,000 penalty units ($2.2 million) exists for failure to notify affected parties within 30 days.
  • ASX reporting rules may apply to listed companies, which need to notify of events which can impact shareholders.
  • The Office of the Australian Information Commissioner, ASIO, the Australian Signals Directorate, the Australian Cyber Security Centre and the Australian Attorney-General's Department will all likely have various requirements which need to be met.
  • Your insurance may not cover you where it is demonstrated that reasonable steps to ensure data security were not taken either before, or after becoming aware of the issue.

How can a surveillance and forensics service assist your organisation?

There are two general reasons to engage a surveillance and forensics specialist which focuses on the external ecosystem, i.e. the public arena:

  1. Prevention - Peace of Mind:

Maintaining a consistent surveillance and forensics program, along with implementing systems improvements when data is found, demonstrates that an organisation is taking reasonable steps to protect its sensitive information. This will also identify risks early so that they can be mitigated before they can have a wider impact.

  2. Cure – When Data is Known to be Breached:

The impact of the steps you and your organisation take immediately after becoming aware of a data breach cannot be overstated. If sensitive data is known to have breached into the external ecosystem, the organisation should demonstrate that it is taking reasonable steps to identify and contain it, and to reverse engineer the data to find where the systems failure or malicious activity that led to the breach occurred.

Time is of the essence as the quicker those who are affected can be notified, the quicker they can take steps to mitigate risks. Being seen as a good corporate citizen to help minimize the impacts to the wider community should take priority over trying to keep a breach secret, although controlling the narrative and confidentiality is also an important part of any impact minimisation strategy.

Depending on the data type, the Office of the Information Commissioner may need to be notified as quickly as possible, or a fine of up to 10,000 penalty units ($2.2 million) can be imposed for failure to notify.

Under the Notifiable Data Breach (NDB) scheme an organisation or agency must notify affected individuals and the OAIC about an eligible data breach. Best practice is to liaise with the OAIC as early and transparently as possible so that they are aware of the situation and the steps being taken to protect affected individuals so they can provide input.

"An eligible data breach occurs when:

  • there is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that an organisation or agency holds
  • this is likely to result in serious harm to one or more individuals, and
  • the organisation or agency hasn’t been able to prevent the likely risk of serious harm with remedial action"

If all three elements are met, this can trigger a very large notification program to affected people and people who could reasonably be expected to be affected, which has direct costs and also obvious negative reputational impacts.

The first two elements of an eligible data breach are usually met for most data breaches. However, whether the third element is met or not can often come down to what actions are taken.

The gold class remedial action from an organisation when data is found to exist in the external ecosystem is:

  1. Intensive surveillance program of the external ecosystem
  2. Forensics of the recovered data
  3. Reverse engineering the breach to identify systems failures
  4. Assessment of current processes and recommended improvements
  5. Implementation of recommendations
  6. Ongoing surveillance program over a period of time

By committing to this type of remedial action a company may be able to show that the likely risk of serious harm has been eliminated and thus the onerous notification program under the NDB scheme is not triggered. This remedial action is also the most effective way to minimise the numerous other regulatory and commercial impacts on the company when a breach occurs.

What kind of data do we find?

All types.

This includes commercially sensitive data and intellectual property, employee and senior executive records and sensitive information, customers' sensitive information, financial information such as credit card details, and secret high security information; the list goes on and on. Finding this information can assist clients to take steps to minimize the damage caused and update systems to prevent future failures.

How do we find the data?

We do not disclose all of our surveillance and forensics techniques; however, a multifaceted approach is required and includes surveillance of the external, and public, ecosystem.

External ecosystem surveillance and forensics focuses on breaches which already exist, unlike internally focused vulnerability assessments which focus on potential threats and vulnerabilities.

Organisations need both in order to ensure breaches do not occur - ever - or again.