You’re the CEO of a healthcare company. You come into work one day and are immediately approached by your CISO, who informs you that a massive data breach has occurred.
Tens of thousands of patient data records have been stolen by a malicious actor. They gained access to the company’s system through compromised credentials from an employee who uses the same password for every login. Now they’re demanding your company pay ransom in exchange for not leaking the records.
Somehow, the security framework the company had in place didn’t pick up that one of its users, who normally works in Virginia, was periodically logging in from Belarus. It took nearly a year for someone to notice.
The security team is frantically trying to contain the breach, redo system architecture, and deal with the ransom, all at the same time. Dealing with stitched-together point solutions isn’t making anything easier.
There’s chatter amongst the security analysts: “We thought we had a full view of this sort of thing,” “If I was in charge, I would’ve known about this.” All the typical lines you would expect. Everyone thinks that breaches are just something that happens to somebody else – until it happens to them.
The news of the ransom gets leaked by someone in your company. Soon the media reports on it. The company’s stock falls 25% in under 24 hours.
After the ransom is paid, system architecture is updated, employees are retrained, and the full scope of the breach is identified, you get the price tag: almost six million dollars.
Now let’s rewind.
Not when the breach was finally detected after almost a year, not when the employee’s login info was used halfway across the world, but even before that.
One of your security analysts notices a sudden drop in the employee’s endpoint security score. They discover the employee had been logging into a torrenting client, downloaded from a sketchy domain to pirate movies, with the same email and password they use for their work logins.
The employee is notified of their security score drop automatically, but your security analyst gives them a nudge and tells them they need to delete the torrenting client from their computer and change their passwords for good measure. They do so, and their score gets back to normal levels.
Now the hacker never entered the system or stole data. You never heard from your CISO that day about a breach. And your company never lost six million bucks.
All thanks to individual endpoint security scoring.