The Definitive Guide to Breach Intelligence

What is Breach Intelligence?

Breach intelligence is a type of threat intelligence that helps enterprises detect, investigate, and respond to indicators of a possible data breach, giving enterprises the opportunity to respond quickly and implement proactive countermeasures to reduce the potential impact and mitigate financial and reputational damage.

What is a Data Breach?

A data breach takes place when a cyber adversary gains unauthorized access to a secured enterprise or public sector database and either views or steals data. 

Cyber adversaries who steal data often target financial and payment information, such as credit card numbers and banking information, or private personal data that may be used to commit identity theft or obtain fraudulent credit. They may also attempt to steal proprietary data, patents, trade secrets, application source codes, and other valuable assets.

Data breaches can cause significant harm to targeted organizations. In addition to the direct costs of remediating the attack, organizations that lose sensitive customer data in a breach can face regulatory penalties, litigation, and reputational damage.

Why is Breach Intelligence Important?

The new Cost of a Data Breach Report from IBM revealed that the average organization in 2021 took 287 days to identify and contain a data breach. 

According to the report, data breaches that took longer than 200 days to contain cost the targeted companies an average of $4.87 million, while those contained in under 200 days cost an average of $3.61 million. 

Timely and relevant breach intelligence can significantly shorten the time it takes for an enterprise to identify and contain a data breach, resulting in faster mitigation and hundreds of thousands of dollars in cost savings.

How Does Breach Intelligence Work?

To develop breach intelligence, threat experts use sophisticated threat intelligence tools to monitor the public attack surface for indicators of a possible data breach, including leaked access credentials, company data, or executive information that may be distributed online by cyber criminals. 

When such evidence is detected, human analysts review and investigate the evidence to assess whether a data breach took place and learn everything they can about the threat actors involved, their motivations, and the TTPs used to carry out the attack. 

The results of this analysis, along with recommendations for addressing the data breach, are then distributed to the targeted organization as finished breach intelligence.

4 Valuable Sources of Breach Intelligence

Threat experts monitor information from a variety of sources to detect and identify potential data breaches. Some of the most valuable sources of breach intelligence include:

Paste Sites

Paste sites are content-hosting websites that allow users to upload, save, and share textual documents. After a successful data breach, digital threat actors frequently upload stolen data onto paste sites before sharing or selling it to other cyber criminals.

Deep and Dark Web Forums and Chat Rooms

Deep and dark web forums and chat rooms are venues where hackers gather to share their latest exploits and exchange tips, advice, and stolen data with other criminals. Hackers may use these forums to leak stolen data or advertise stolen data for sale instead of publicly posting it.

Dark Web Marketplaces

Dark web marketplaces offer an illicit platform where digital criminals can buy, sell, and trade in malware, phishing kits, stolen data, and other assets. Covert threat intelligence operatives monitor these marketplaces, gathering evidence of new data breaches and transforming it into actionable breach intelligence.

Breached Data Repositories

Breached data repositories are public databases containing data that was previously exposed in a data breach. If your private information, sensitive data, or credentials are listed in a breached data repository, there’s a good chance you may have been the victim of a data breach.

Getting Started with Breach Intelligence

Intrusion Detection Systems (IDS)

IDS software is the first line of defense when it comes to detecting and identifying an enterprise data breach. IDS software monitors network traffic for suspicious activity or security policy violations that may indicate a data breach, alerting security incident response teams to enable rapid implementation of countermeasures.

Open Source Breach Intelligence

While IDS software helps to identify indicators of a data breach inside the network, open source breach intelligence focuses on indicators that come from outside the network.

Enterprises can search for evidence of data breaches and generate their own breach intelligence by monitoring publicly available information sources, including social media and the surface, deep, and dark web.

Breach Intelligence Services

As an alternative to setting up monitoring programs and developing their own breach intelligence, enterprises can party with third-party threat intelligence providers like ZeroFOX who monitor the public attack surface, investigate evidence of data breaches, and deliver finished breach intelligence to their enterprise clients.

Protect Against Data Breaches with ZeroFOX Threat Intelligence

ZeroFOX provides enterprises protection, intelligence, and disruption to dismantle external threats across the public attack surface. 

In addition to actionable and timely breach intelligence, ZeroFOX provides adversary identification, engagement, negotiation support, and asset recovery services that help enterprise organizations mitigate the potential negative consequences of a data breach.

Check out our free white paper Data Loss Prevention in the Social Media World to discover how cyber adversaries are leveraging social media to carry out data breaches, and how to safeguard your organization with timely and relevant breach intelligence.