A business will need to adopt a data breach strategy, a systematic response to rectifying a leak of company data.
In today’s society, all businesses are at risks of a security breach, so instead of solely being reactive, preventative measures should be adopted, so when a company experiences a data leak, they are prepared for the eventuality and the aftermath.
According to Andrew Avanessian, executive vice president of consultancy and technology at Avecto, “Nearly half of security leaders believe a major security breach will happen in the future, yet the post-breach plan that IT decision makers have in mind is fundamentally flawed. Why? These plans are reactive when they should be proactive.” Every company needs to implement a data breach response plan, to ensure that if/when systems are hacked, the business is ready to deal with the consequences.
Once located, it is essential that the breach is contained, to ensure that all other systems are safe. "A disk image of those servers should be made in order to preserve their state, to protect chain of custody in the event of a lawsuit, these images should be read-only and secured," says Marc Malizia, the CTO of the IT consulting firm RKON Technologies. Tests should be run to see if any other systems have been effected. Using all the available resources, it is imperative that all leaks are blocked and the issue fully resolved.
"Companies should undergo a rigorous penetration test by an external team of experts," says Chris Pogue, senior vice president for cyber threat analysis at Nuix. The systems should be fixed and procedures established to avoid future attacks. The containment and breach assessment will give a company an insight into what went wrong, so that they can improve system security.
Notify and communicate
The disclosure of information is dependent on the industry and the situation. Some industries, such as the financial, are required to report a data breach within a strict time-frame. Ideally, the data leak should not be communicated to the public until a team has been formed to deal with the breach, it has been contained and resolved. The PR department, local authorities and legal department should then be notified. It should be spoken about in a unified manner, with all employee’s statements coinciding.
"Disclosure comes as a part of what happened – if credit cards were stolen vs. a breach of internal intellectual property," says Pat Calhoun, the senior vice president and general manager of network security at McAfee. Once the breach has been communicated, a team will also have to be available to deal with the repercussions.
Re-examine security measures
After the leak has been resolved and assessed, the long term implications will be confirmed. Certain questions will be posed, such as; Why has the company been targeted? Will it be targeted again and what will that mean for the future? The continued analysis of the breach will give the company some insight into the reason the breach succeeded, giving them the tools to create a remediation plan of how to avoid a future attack of the same calibre. It will also give a business the time to reassess their security systems, and to consider whether they need to invest more heavily in security measures. These systems will also require regular testing to ensure efficacy.
Handle the press
Maintain integrity, be honest and take responsibility. Then propose a solution, tell the press exactly what happened and why, and then release a statement about how future attacks will be avoided. “Not only is this more likely to kill the story quickly, it could even be a springboard for growth. Shifting the focus from an organization’s security failings to the positive action it is taking sets it apart from others in a similar position,” says Computer Weekly.
A company should have a strategy in place before a breach has happened, so that they are prepared. Sophisticated security attacks are serious, but can be dealt with. Unfortunately, the frequency of attacks now means that most businesses will succumb to some kind of data breach. However, if a pro-active strategy is created and adhered to, then an attack can be resolved efficiently and effectively.
Insights for Professionals provide free access to the latest thought leadership from global brands. We deliver subscriber value by creating and gathering specialist content for senior professionals. To view more IT content, click here.