How to Plug the Leaks after a Data Breach


Tech Insights for ProfessionalsThe latest thought leadership for IT pros

Tuesday, February 7, 2017

A business will need to adopt a data breach strategy, a systematic response to rectifying a leak of company data.

Article 4 Minutes
How to Plug the Leaks after a Data Breach

In today’s society, all businesses are at risks of a security breach. Instead of solely being reactive, preventative measures should be adopted, so when a company experiences a data leak, they are prepared for the eventuality and the aftermath.   

According to Andrew Avanessian, Executive Vice President of consultancy and technology at Avecto said;

Nearly half of security leaders believe a major security breach will happen in the future, yet the post-breach plan that IT decision makers have in mind is fundamentally flawed. Why? These plans are reactive when they should be proactive.


Every company needs to implement a data breach response plan, to ensure that if or when systems are hacked, the business is ready to deal with the consequences.


Once located, it is essential that the breach is contained, to ensure that all other systems are safe.

"A disk image of those servers should be made in order to preserve their state, to protect chain of custody in the event of a lawsuit, these images should be read-only and secured," says Marc Malizia, the CTO of the IT consulting firm RKON Technologies


Tests should be run to see if any other systems have been effected. Using all the available resources, it is imperative that all leaks are blocked and the issue fully resolved.

"Companies should undergo a rigorous penetration test by an external team of experts," says Chris Pogue, Senior Vice President for cyber threat analysis at Nuix

The systems should be fixed and procedures established to avoid future attacks. The containment and breach assessment will give a company an insight into what went wrong, so that they can improve system security.

Notify and communicate

The disclosure of information is dependent on the industry and the situation. Some industries, such as the financial, are required to report a data breach within a strict time-frame. Ideally, the data leak should not be communicated to the public until a team has been formed to deal with the breach, it has been contained and resolved. The PR department, local authorities and legal department should then be notified. It should be spoken about in a unified manner, with all employee’s statements coinciding.

"Disclosure comes as a part of what happened – if credit cards were stolen vs. a breach of internal intellectual property," says Pat Calhoun, the Senior Vice President and general manager of network security at McAfee

Once the breach has been communicated, a team will also have to be available to deal with the repercussions.

Re-examine security measures

After the leak has been resolved and assessed, the long term implications will be confirmed. Certain questions will be posed, such as; Why has the company been targeted? Will it be targeted again and what will that mean for the future? The continued analysis of the breach will give the company some insight into the reason the breach succeeded, giving them the tools to create a remediation plan of how to avoid a future attack of the same caliber. It will also give a business the time to reassess their security systems, and to consider whether they need to invest more heavily in security measures. These systems will also require regular testing to ensure efficacy.  

Handle the press

Maintain integrity, be honest and take responsibility. Then propose a solution, tell the press exactly what happened and why, and then release a statement about how future attacks will be avoided.

"Not only is this more likely to kill the story quickly, it could even be a springboard for growth. Shifting the focus from an organization’s security failings to the positive action it is taking sets it apart from others in a similar position,” says Computer Weekly


A company should have a strategy in place before a breach has happened, so that they are prepared. Sophisticated security attacks are serious, but can be dealt with. Unfortunately, the frequency of attacks now means that most businesses will succumb to some kind of data breach. However, if a pro-active strategy is created and adhered to, then an attack can be resolved efficiently and effectively.

Tech Insights for Professionals

Insights for Professionals provide free access to the latest thought leadership from global brands. We deliver subscriber value by creating and gathering specialist content for senior professionals.


Join the conversation...