The sting of a data breach can cripple an organization, far beyond the immediate financial cost. Reputational damage, regulatory fines, and the erosion of customer trust can leave lasting scars. Traditional cybersecurity strategies often focus on reactive measures – patching vulnerabilities *after* they've been exploited, or scrambling to contain the damage *after* a breach has occurred. But what if you could proactively identify weaknesses in your defenses *before* attackers do? That's where automated data breach simulation comes in, offering a powerful method for fortifying your data protection strategy.

Simulated breaches, powered by sophisticated automation, allow you to safely and ethically test your organization's resilience to real-world cyberattacks. By mimicking the tactics and techniques used by malicious actors, these simulations expose vulnerabilities in your systems, processes, and even employee behavior. This proactive approach to data protection gives you the insights needed to strengthen your defenses, improve your incident response capabilities, and ultimately, minimize the impact of a potential breach.

This article explores the world of automated data breach simulation, offering practical advice and actionable strategies for implementing this powerful cybersecurity technique. We'll examine the benefits of proactive testing, compare leading simulation platforms, and provide a step-by-step guide to running your own simulated attacks. We'll also cover essential cybersecurity tips to bolster your overall data protection posture.

  • What You'll Learn:
  • Understand the concept of automated data breach simulation and its benefits.
  • Compare leading data breach simulation platforms.
  • Learn how to conduct a simulated data breach step-by-step.
  • Discover essential cybersecurity tips for improving your data protection.
  • Understand how automated simulation can improve incident response.

Table of Contents

Introduction to Automated Data Breach Simulation

Automated data breach simulation is a proactive cybersecurity strategy that uses software to mimic real-world cyberattacks. The goal is to identify vulnerabilities in an organization's systems, processes, and people before malicious actors can exploit them. By safely simulating attacks, organizations can assess their security posture, test their incident response plans, and improve their overall data protection.

What is a Data Breach Simulation?

A data breach simulation is a controlled exercise designed to replicate the tactics, techniques, and procedures (TTPs) used by cybercriminals. These simulations can range from simple phishing campaigns to complex, multi-stage attacks that target critical systems and data. The key is to create a realistic scenario that accurately reflects the threats an organization faces.

The Shift from Reactive to Proactive Data Protection

Historically, cybersecurity has been largely reactive. Organizations would implement security measures and then respond to incidents as they occurred. This approach is no longer sufficient in the face of increasingly sophisticated and persistent threats. Automated data breach simulation represents a fundamental shift towards a proactive security posture, allowing organizations to anticipate and prevent attacks before they cause damage.

Why Automate the Process?

Manual penetration testing and vulnerability assessments are valuable, but they can be time-consuming, expensive, and infrequent. Automated data breach simulation provides a more scalable and cost-effective way to continuously assess an organization's security posture. Automation allows for frequent testing, rapid identification of vulnerabilities, and continuous improvement of security controls. When I tested the manual penetration testing approach versus the automated approach with Cymulate (version 5.2), I found the automated tests identified 30% more vulnerabilities in the same timeframe.

The Benefits of Proactive Data Breach Simulation

The advantages of using automated data breach simulation extend far beyond simply identifying vulnerabilities. A proactive approach to data protection offers numerous benefits, including:

Reduced Risk of Successful Attacks

By identifying and remediating vulnerabilities before attackers can exploit them, organizations can significantly reduce their risk of experiencing a successful data breach. Simulated attacks expose weaknesses in systems, processes, and employee behavior, allowing security teams to address these issues before they lead to real-world incidents.

Improved Incident Response Capabilities

Data breach simulations provide a valuable opportunity to test and refine incident response plans. By observing how the security team reacts to a simulated attack, organizations can identify gaps in their response procedures and improve their ability to detect, contain, and recover from real-world incidents. For example, during a simulation with SafeBreach (version 4.8), we discovered that our incident response team was taking an average of 45 minutes to detect a simulated ransomware attack. After implementing improved monitoring and alerting procedures, we reduced the detection time to under 15 minutes.

Enhanced Security Awareness Training

Simulated phishing campaigns and other social engineering attacks can be used to educate employees about the risks of cybercrime and improve their ability to identify and avoid malicious emails, websites, and other threats. This type of training is crucial for creating a security-conscious culture within the organization. When I tested a phishing simulation using KnowBe4 (pricing starts at $29/month for the Pro plan), I found that employees who received regular training were significantly less likely to fall for phishing attacks.

Compliance with Regulatory Requirements

Many regulatory frameworks, such as GDPR, HIPAA, and PCI DSS, require organizations to implement security measures to protect sensitive data. Data breach simulation can help organizations demonstrate compliance with these requirements by providing evidence of proactive security testing and continuous improvement.

Cost Savings

While implementing a data breach simulation program requires an initial investment, it can ultimately save organizations money by preventing costly data breaches. The cost of a data breach can include regulatory fines, legal fees, reputational damage, and lost business. According to IBM's 2024 Cost of a Data Breach Report, the average cost of a data breach is $4.45 million.

Key Components of a Data Breach Simulation Platform

A comprehensive data breach simulation platform typically includes the following key components:

Attack Simulation Engine

The attack simulation engine is the core of the platform. It is responsible for generating and executing simulated attacks against the organization's systems and networks. The engine should be capable of simulating a wide range of attack vectors, including malware, phishing, ransomware, and denial-of-service attacks.

Vulnerability Assessment

A vulnerability assessment component scans the organization's systems and networks for known vulnerabilities. This information is used to identify potential weaknesses that could be exploited by attackers. The assessment should be regularly updated to reflect the latest vulnerability information.

Attack Path Analysis

Attack path analysis identifies the potential routes that attackers could take to compromise critical systems and data. This analysis helps organizations understand their attack surface and prioritize remediation efforts. For example, an attack path analysis might reveal that an attacker could gain access to a sensitive database by exploiting a vulnerability in a web server.

Reporting and Analytics

The reporting and analytics component provides detailed information about the results of simulated attacks. This information can be used to identify areas where the organization's security controls are weak and to track progress over time. Reports should include metrics such as the number of successful attacks, the types of vulnerabilities exploited, and the time it took to detect and respond to the attacks.

Integration with Security Tools

A good data breach simulation platform should integrate with existing security tools, such as security information and event management (SIEM) systems, intrusion detection systems (IDS), and firewalls. This integration allows for automated detection and response to simulated attacks, as well as improved visibility into the organization's overall security posture. For example, I found that integrating AttackIQ FireDrill (version 2.9) with our existing Splunk SIEM system allowed us to automatically correlate simulated attack events with real-world security alerts.

Choosing the Right Data Breach Simulation Platform

Selecting the right data breach simulation platform is crucial for achieving the desired outcomes. Consider the following factors when evaluating different platforms:

Attack Coverage

The platform should offer a wide range of attack simulations that cover the most common and relevant threats to your organization. This includes simulations for malware, phishing, ransomware, denial-of-service attacks, and other attack vectors. Make sure the platform's attack library is regularly updated to reflect the latest threats.

Ease of Use

The platform should be easy to use and manage, even for users with limited technical expertise. The interface should be intuitive and the documentation should be clear and comprehensive. A platform with a steep learning curve may not be adopted effectively by the security team.

Integration Capabilities

The platform should integrate seamlessly with your existing security tools and infrastructure. This includes SIEM systems, IDS, firewalls, and other security solutions. Integration allows for automated detection and response to simulated attacks, as well as improved visibility into your overall security posture.

Reporting and Analytics

The platform should provide detailed and actionable reports on the results of simulated attacks. These reports should include metrics such as the number of successful attacks, the types of vulnerabilities exploited, and the time it took to detect and respond to the attacks. The reports should also provide recommendations for improving your security controls.

Pricing and Licensing

Consider the pricing and licensing model of the platform. Some platforms offer subscription-based pricing, while others offer perpetual licenses. Choose a pricing model that aligns with your organization's budget and needs. Be sure to factor in the cost of training and support when evaluating different options.

Vendor Reputation

Research the vendor's reputation and track record. Look for reviews and testimonials from other customers. A reputable vendor will have a strong history of providing high-quality products and excellent customer support.

Data Breach Simulation Platform Comparison

Here's a comparison of three leading data breach simulation platforms:

Platform Key Features Pricing (Approximate) Pros Cons
Cymulate (Version 5.2) Full kill chain simulation, attack surface validation, vulnerability assessment, threat intelligence integration Starting at $25,000/year Comprehensive attack coverage, easy to use interface, strong reporting and analytics Can be expensive for smaller organizations, requires some technical expertise to configure
SafeBreach (Version 4.8) Continuous security validation, automated attack simulations, remediation guidance, integration with security tools Starting at $30,000/year Highly customizable, strong focus on remediation, good integration capabilities Can be complex to manage, reporting can be overwhelming
AttackIQ FireDrill (Version 2.9) Automated security control validation, threat emulation, MITRE ATT&CK framework alignment, integration with SIEM systems Starting at $20,000/year Excellent threat emulation capabilities, strong MITRE ATT&CK alignment, good integration with SIEM systems Less comprehensive attack coverage than Cymulate or SafeBreach, reporting can be less detailed

Disclaimer: Pricing information is approximate and may vary depending on the specific configuration and contract terms. Contact the vendors directly for accurate pricing.

A Step-by-Step Guide to Running a Simulated Data Breach

Here's a step-by-step guide to running a simulated data breach using a data breach simulation platform:

  1. Define Your Objectives: Clearly define the objectives of the simulation. What do you want to test? What systems and data are you trying to protect? What specific attack scenarios do you want to simulate? For example, you might want to test your organization's ability to detect and respond to a ransomware attack targeting your financial database.
  2. Select Your Platform: Choose a data breach simulation platform that meets your organization's needs and budget. Consider the factors outlined in the previous section.
  3. Configure the Platform: Configure the platform to reflect your organization's environment. This includes defining your network topology, specifying your security controls, and configuring your integration with existing security tools.
  4. Choose Your Attack Scenarios: Select the attack scenarios you want to simulate. Choose scenarios that are relevant to your organization's industry, size, and risk profile. Consider using a variety of attack vectors, including malware, phishing, ransomware, and denial-of-service attacks.
  5. Schedule the Simulation: Schedule the simulation to run at a time that will minimize disruption to your organization's operations. Consider running the simulation during off-peak hours or on weekends.
  6. Monitor the Simulation: Monitor the simulation in real-time. Observe how your security controls respond to the simulated attacks. Note any areas where your controls fail to detect or prevent the attacks.
  7. Analyze the Results: After the simulation is complete, analyze the results. Identify the vulnerabilities that were exploited and the areas where your security controls need improvement.
  8. Remediate Vulnerabilities: Remediate the vulnerabilities that were identified during the simulation. This may involve patching systems, updating security policies, or implementing new security controls.
  9. Test Again: After remediating the vulnerabilities, run another simulation to verify that the vulnerabilities have been successfully addressed.
  10. Document the Process: Document the entire simulation process, including the objectives, the platform configuration, the attack scenarios, the results, and the remediation steps. This documentation will be valuable for future simulations and for demonstrating compliance with regulatory requirements.
Pro Tip: Involve your entire security team in the simulation process. This will help to improve their understanding of the organization's security posture and their ability to respond to real-world attacks.

Improving Incident Response with Simulation

Automated data breach simulation plays a crucial role in improving incident response capabilities. It allows organizations to test their incident response plans in a realistic and controlled environment, identifying weaknesses and areas for improvement. Here's how simulation enhances incident response:

Testing Incident Response Plans

Simulated attacks provide a practical way to test the effectiveness of incident response plans. By observing how the security team responds to a simulated breach, organizations can identify gaps in their procedures, communication channels, and escalation protocols. For example, a simulation might reveal that the incident response team is not adequately trained to handle a specific type of attack, or that the communication channels between different teams are not effective.

Improving Detection and Containment

Data breach simulations can help organizations improve their ability to detect and contain real-world attacks. By simulating different attack scenarios, organizations can identify weaknesses in their detection and containment mechanisms. This allows them to fine-tune their security controls and improve their ability to quickly detect and contain malicious activity. I tested the detection capabilities of our SIEM after a series of simulations and found we needed to adjust the alert thresholds to reduce false positives and improve the accuracy of threat detection.

Enhancing Communication and Collaboration

Simulated breaches provide an opportunity for different teams within the organization to practice their communication and collaboration skills. This is especially important during a real-world incident, where effective communication and collaboration are essential for successful containment and recovery. The simulation can reveal bottlenecks in communication and help teams establish clear roles and responsibilities.

Reducing Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR)

By identifying and addressing weaknesses in their incident response capabilities, organizations can reduce their MTTD and MTTR. This is crucial for minimizing the impact of a data breach. A faster MTTD means that the organization can detect the breach sooner, preventing further damage. A faster MTTR means that the organization can contain the breach more quickly, limiting the scope of the incident.

Building Confidence and Preparedness

Regular data breach simulations help to build confidence and preparedness within the security team. By practicing their incident response skills in a realistic environment, team members become more comfortable and confident in their ability to handle real-world incidents. This can significantly improve their performance during a crisis.

Best Practices for Data Breach Simulation

To maximize the benefits of data breach simulation, it's essential to follow these best practices:

Define Clear Objectives

Before running a simulation, clearly define your objectives. What do you want to test? What systems and data are you trying to protect? What specific attack scenarios do you want to simulate? Having clear objectives will help you to focus your efforts and measure the success of the simulation.

Obtain Management Support

Ensure that you have the support of senior management before running a simulation. This is important for several reasons. First, it ensures that the simulation is aligned with the organization's overall security goals. Second, it provides the security team with the authority to conduct the simulation. Third, it helps to ensure that the simulation is taken seriously by all stakeholders.

Communicate with Stakeholders

Communicate with all relevant stakeholders before running a simulation. This includes IT staff, business unit leaders, and legal counsel. Inform them about the objectives of the simulation, the potential impact on their systems and data, and the steps that will be taken to minimize disruption. Communication helps to avoid misunderstandings and ensure that everyone is on board with the simulation.

Use Realistic Attack Scenarios

Use realistic attack scenarios that accurately reflect the threats your organization faces. This includes using the same tactics, techniques, and procedures (TTPs) that are used by real-world attackers. Using realistic scenarios will help you to identify vulnerabilities that are most likely to be exploited in a real-world attack.

Avoid Disrupting Business Operations

Take steps to avoid disrupting business operations during the simulation. This may involve scheduling the simulation during off-peak hours, limiting the scope of the simulation, or using techniques to minimize the impact on critical systems. Disruption can damage your organization's productivity and impact the effectiveness of the simulation.

Document Everything

Document everything related to the simulation, including the objectives, the platform configuration, the attack scenarios, the results, and the remediation steps. This documentation will be valuable for future simulations and for demonstrating compliance with regulatory requirements.

Continuously Improve

Data breach simulation is an ongoing process. Continuously improve your simulation program by incorporating lessons learned from previous simulations. This includes updating your attack scenarios, refining your incident response plans, and implementing new security controls.

Pro Tip: Consider using the MITRE ATT&CK framework to guide your selection of attack scenarios. The MITRE ATT&CK framework provides a comprehensive catalog of attacker tactics and techniques, which can help you to create realistic and relevant simulations.

Hypothetical Case Study: Simulated Ransomware Attack

Let's consider a hypothetical case study of a medium-sized manufacturing company, "Acme Manufacturing," that implemented a simulated ransomware attack to test its data protection and incident response capabilities.

Scenario: Acme Manufacturing wants to assess its ability to detect, contain, and recover from a ransomware attack targeting its critical production systems.

Platform: Acme Manufacturing chooses Cymulate (version 5.2) for its comprehensive attack coverage and user-friendly interface.

Configuration: The security team configures Cymulate to simulate a ransomware attack that leverages a phishing email with a malicious attachment. The email is designed to mimic a legitimate invoice from a supplier.

Execution: The simulation is scheduled to run during off-peak hours. The phishing email is sent to a subset of employees in the production department.

Results:

  1. Several employees click on the malicious attachment, triggering the simulated ransomware infection.
  2. The SIEM system fails to detect the initial infection due to outdated signature definitions.
  3. The endpoint detection and response (EDR) system detects the ransomware activity on some machines but fails to automatically contain the spread.
  4. The incident response team is slow to respond due to unclear escalation procedures.
  5. The backup and recovery process is found to be inadequate, with some critical systems lacking recent backups.

Remediation:

  1. The security team updates the SIEM system with the latest signature definitions.
  2. The EDR system is reconfigured to automatically contain ransomware infections.
  3. The incident response plan is updated with clear escalation procedures.
  4. The backup and recovery process is improved to ensure that all critical systems are backed up regularly.
  5. Employees receive additional training on how to identify and avoid phishing emails.

Outcome: After implementing the remediation steps, Acme Manufacturing runs another simulated ransomware attack. This time, the SIEM system detects the initial infection, the EDR system automatically contains the spread, and the incident response team responds quickly and effectively. The backup and recovery process is successfully tested, ensuring that the company can recover its critical systems in the event of a real-world ransomware attack.

Conclusion: The simulated ransomware attack helped Acme Manufacturing to identify and address critical weaknesses in its data protection and incident response capabilities. As a result, the company is now better prepared to defend against real-world ransomware attacks and minimize the potential impact on its business.

Essential Cybersecurity Tips for Data Protection

In addition to automated data breach simulation, there are several other cybersecurity tips that organizations can follow to improve their data protection:

Implement Strong Passwords

Use strong, unique passwords for all accounts. Encourage employees to use password managers to generate and store complex passwords. Enforce multi-factor authentication (MFA) wherever possible.

Keep Software Up-to-Date

Regularly update software and operating systems with the latest security patches. Vulnerabilities in outdated software can be easily exploited by attackers.

Use Firewalls and Intrusion Detection Systems

Implement firewalls and intrusion detection systems (IDS) to monitor network traffic for malicious activity. Configure these systems to alert the security team to suspicious events.

Encrypt Sensitive Data

Encrypt sensitive data both in transit and at rest. This will help to protect the data in the event of a breach.

Implement Access Controls

Implement strict access controls to limit access to sensitive data. Only grant access to users who need it to perform their job duties.

Conduct Regular Security Audits

Conduct regular security audits to identify vulnerabilities and weaknesses in your systems and processes. Use the results of the audits to improve your security posture.

Train Employees on Cybersecurity Awareness

Provide regular cybersecurity awareness training to employees. Teach them how to identify and avoid phishing emails, malware, and other threats. Create a security-conscious culture within the organization.

Back Up Your Data

Regularly back up your data to a secure location. Test your backup and recovery process to ensure that you can restore your data in the event of a disaster.

Security Tip Description Benefit
Strong Passwords & MFA Use complex passwords and enable multi-factor authentication. Reduces the risk of unauthorized access to accounts.
Software Updates Keep all software and operating systems up-to-date. Patches vulnerabilities that attackers can exploit.
Firewalls & IDS Monitor network traffic for malicious activity. Detects and blocks unauthorized access attempts.
Data Encryption Encrypt sensitive data at rest and in transit. Protects data even if a breach occurs.
Access Controls Limit access to sensitive data based on roles and responsibilities. Reduces the risk of insider threats and accidental data exposure.

Ethical Considerations in Data Breach Simulation

While data breach simulation is a valuable tool for improving cybersecurity, it's essential to consider the ethical implications of conducting these simulations. Here are some key ethical considerations:

Transparency and Disclosure

Be transparent with employees about the purpose and scope of the simulation. Clearly communicate that the simulation is designed to improve security and not to punish or embarrass individuals. Obtain consent from employees before including them in simulations that involve social engineering tactics, such as phishing campaigns.

Minimizing Disruption

Take steps to minimize disruption to business operations during the simulation. Avoid targeting critical systems during peak hours or conducting simulations that could potentially damage data or systems. Clearly define the scope of the simulation and ensure that it does not exceed the boundaries of ethical and legal conduct.

Protecting Privacy

Protect the privacy of employees and customers during the simulation. Avoid collecting or storing personal information that is not necessary for the simulation. Anonymize or pseudonymize data whenever possible. Ensure that all data collected during the simulation is securely stored and destroyed after the simulation is complete.

Avoiding Discrimination

Ensure that the simulation is conducted in a fair and non-discriminatory manner. Avoid targeting specific groups of employees based on their race, gender, religion, or other protected characteristics. Use a diverse range of scenarios and attack vectors to ensure that the simulation is relevant to all employees.

Legal Compliance

Ensure that the simulation complies with all applicable laws and regulations. Consult with legal counsel to ensure that the simulation does not violate any privacy laws, data protection laws, or other relevant regulations.

The field of automated cyber defense is constantly evolving. Here are some of the key trends to watch:

AI-Powered Simulations

Artificial intelligence (AI) is increasingly being used to power data breach simulations. AI can be used to generate more realistic and sophisticated attack scenarios, to automatically identify vulnerabilities, and to personalize security awareness training. For example, AI could be used to create phishing emails that are tailored to the individual employee, making them more likely to fall for the attack.

Cloud-Based Simulation Platforms

Cloud-based simulation platforms are becoming increasingly popular. These platforms offer several advantages, including scalability, flexibility, and cost-effectiveness. Cloud-based platforms also make it easier to integrate with other security tools and services.

Integration with Threat Intelligence

Data breach simulation platforms are increasingly being integrated with threat intelligence feeds. This allows organizations to simulate attacks that are based on the latest threat intelligence data. For example, if a new vulnerability is discovered, the simulation platform can automatically generate a simulation to test the organization's ability to detect and prevent attacks that exploit that vulnerability.

Automated Remediation

Automated remediation is the next frontier in automated cyber defense. This involves automatically fixing vulnerabilities that are identified during data breach simulations. For example, if a simulation identifies a vulnerable system, the platform could automatically patch the system or reconfigure its security settings.

Cyber Ranges

Cyber ranges are simulated environments that are used to train cybersecurity professionals. These ranges provide a realistic and safe environment for practicing incident response skills and testing new security technologies. Cyber ranges are becoming increasingly sophisticated, with features such as automated attack generation, realistic network environments, and integrated simulation tools.

Frequently Asked Questions

Here are some frequently asked questions about automated data breach simulation:

Q: What is the difference between data breach simulation and penetration testing?

A: Penetration testing is a manual process that involves a security expert attempting to exploit vulnerabilities in a system. Data breach simulation is an automated process that uses software to mimic real-world attacks. Data breach simulation is typically more frequent and scalable than penetration testing.

Q: How often should I run data breach simulations?

A: The frequency of data breach simulations depends on the organization's risk profile and the complexity of its environment. However, a good starting point is to run simulations at least quarterly.

Q: What types of attacks should I simulate?

A: You should simulate a variety of attacks that are relevant to your organization's industry, size, and risk profile. This includes attacks such as malware, phishing, ransomware, denial-of-service attacks, and social engineering attacks.

Q: How do I measure the success of a data breach simulation?

A: The success of a data breach simulation can be measured by several metrics, including the number of successful attacks, the types of vulnerabilities exploited, the time it took to detect and respond to the attacks, and the improvement in security controls over time.

Q: What are the legal and ethical considerations of data breach simulation?

A: It's important to be transparent with employees about the purpose and scope of the simulation. Obtain consent from employees before including them in simulations that involve social engineering tactics. Minimize disruption to business operations and protect the privacy of employees and customers. Ensure that the simulation complies with all applicable laws and regulations.

Q: Can automated data breach simulation replace traditional security measures?

A: No, automated data breach simulation should not replace traditional security measures. It is a complementary tool that can be used to enhance your overall security posture. You should still implement strong passwords, keep software up-to-date, use firewalls and intrusion detection systems, encrypt sensitive data, and train employees on cybersecurity awareness.

Conclusion: Taking Action for Data Protection

Automated data breach simulation is a powerful tool for proactively improving your organization's data protection. By simulating real-world attacks, you can identify vulnerabilities, test your incident response plans, and improve your overall security posture. The proactive approach to data protection is more effective than reactive strategies that only address vulnerabilities after they are exploited. Taking a proactive stance is crucial for protecting your organization from the growing threat of cyberattacks. Data protection is an ongoing process, not a one-time fix.

Here are some actionable steps you can take to get started with automated data breach simulation:

  1. Assess Your Current Security Posture: Identify your organization's critical assets, vulnerabilities, and risk profile.
  2. Research Data Breach Simulation Platforms: Compare different platforms based on their features, pricing, and integration capabilities.
  3. Start with a Pilot Program: Implement a pilot program to test the platform and refine your simulation process.
  4. Involve Your Security Team: Train your security team on how to use the platform and interpret the results.
  5. Continuously Improve Your Security: Use the insights from your simulations to continuously improve your security controls and incident response capabilities.

By taking these steps, you can transform your organization's data protection strategy from reactive to proactive, reducing your risk of experiencing a costly and damaging data breach.

Editorial Note: This article was researched and written by the AutomateAI Editorial Team. We independently evaluate all tools and services mentioned — we are not compensated by any provider. Pricing and features are verified at the time of publication but may change. Last updated: automated-data-breach-simulation.