Watch your perimeter
Avoiding breaches like this also entails putting in multiple types of security systems at the perimeter, endpoint, and network level, says Michael Rezek, vice president of cybersecurity strategy and business development at analytics firm Accedian.
He used running security for a bank as an analogy for how these layers work together.
When protecting a bank, you'd probably use three methods to secure it: monitoring the entrance to know who's entering and exiting the building (perimeter security), keeping track of critical assets like ATMs, cash registers, and safes (endpoint security), and using video surveillance to monitor what's happening inside the bank (network security).
Those last two points of protection are particularly important, he says, in a scenario like the Capital One breach, where the intruder was able to exploit a security flaw to gain entry into the system. Having endpoint and network security in place means being able to track what the hacker did once they got in and keeping tabs on what they might have stolen.
Know your audience
An important way companies can spot trespassers earlier is by having a firm grasp on who has access to critical user data in the first place.
"Knowing that this user over time maybe never visits a critical assets server . . . you learn that's kind of a normal behavior," Rezek said. "And then all of a sudden one day you see this anomaly where he goes to a critical assets server and he spends time connected to it."
For example, if an intruder just dumped a bunch of data from the servers, that should raise a red flag, says Divatia. Applications typically process data rather than dumping it, so a bulk dump is itself a sign that abnormal activity is occurring.
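The two signals described above, a user connecting to a critical-assets server they have never touched before, and a single session pulling far more data than any application session does, can be checked with a simple behavioural baseline. The following is an added example, not code from the article or from Accedian; the host names, user names and the sample access log are all constructed, and the ten-times-normal threshold is an assumed tuning value.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed (hypothetical) name of the "critical assets" server.
CRITICAL_ASSETS = {"assets-db-01"}


@dataclass(frozen=True)
class Event:
    day: int
    user: str
    host: str
    bytes_out: int   # bytes the server returned to the client in this session


# Constructed sample log, one access per line: "<day> <user> <host> <bytes_out>".
# Days 1-4 are normal; on day 5 "alice" connects to the critical server for the
# first time and pulls far more data than any application session ever does.
SAMPLE_LOG = """\
1 alice app-web-01 12000
1 bob assets-db-01 4000
2 alice app-web-01 13000
2 bob assets-db-01 4500
3 alice app-web-01 11000
3 bob assets-db-01 4200
4 alice app-web-01 12500
4 bob assets-db-01 4100
5 bob assets-db-01 4300
5 alice assets-db-01 900000000
"""


def parse_log(text):
    """Turn the whitespace-separated log text into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        day, user, host, nbytes = line.split()
        events.append(Event(int(day), user, host, int(nbytes)))
    return events


def build_baseline(events, baseline_days):
    """Learn normal behaviour from the first `baseline_days` days: which hosts
    each user touches, and the largest response each host normally returns."""
    hosts_per_user = defaultdict(set)
    max_bytes_per_host = defaultdict(int)
    for e in events:
        if e.day > baseline_days:
            continue
        hosts_per_user[e.user].add(e.host)
        max_bytes_per_host[e.host] = max(max_bytes_per_host[e.host], e.bytes_out)
    return hosts_per_user, max_bytes_per_host


def detect(events, baseline_days, volume_factor=10):
    """Return (day, user, host, reason) alerts for events after the baseline window."""
    hosts_per_user, max_bytes_per_host = build_baseline(events, baseline_days)
    alerts = []
    for e in events:
        if e.day <= baseline_days:
            continue
        # A user reaching a critical asset they never touched during the baseline.
        if e.host in CRITICAL_ASSETS and e.host not in hosts_per_user[e.user]:
            alerts.append((e.day, e.user, e.host, "first access to critical asset"))
        # One session returning far more than any normal session to that host:
        # applications process records, they do not dump whole tables.
        normal_max = max_bytes_per_host.get(e.host)
        if normal_max is not None and e.bytes_out > volume_factor * normal_max:
            alerts.append((e.day, e.user, e.host, "bulk data transfer"))
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_log(SAMPLE_LOG), baseline_days=4):
        print(alert)
```

Run against the constructed log with a four-day baseline, the script raises two alerts, both for alice on day 5: one for her first-ever connection to the critical server and one for the 900 MB transfer, while bob's routine access on the same day stays quiet. In a real deployment the baseline would be rebuilt on a rolling window and the volume threshold tuned per host, but the structure of the check is the same.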
It may be impossible to prevent intruders from entering in the first place. But what companies can learn from the Capital One breach is to always be prepared for what happens once they do get inside.
"You cannot keep the bad guys out," said Divatia. "You assume that the house will get broken into, but what they steal doesn't mean anything."