Although we’re told to prepare for the worst, very few of us do. Most of us tend to approach worst-case scenarios with the same mindset. No one thinks it’s going to happen to them. The same thinking applies to data breaches even though these are becoming more and more frequent. In August, a Risk Based Security report found that data breaches had increased 54% in 2019 compared to this time last year. It’s not a matter of ‘if’, but ‘when’.
While data breaches are the exception and not the rule, they pose a genuine threat that, if realized, can leave a lasting impact on a business going into 2020. Businesses need to be well-prepared for the possibility of a breach and have an established process that will enable them to react quickly and appropriately. This means not being reliant only on endpoint security with no plan for a breach. It also means ensuring that full backups of all data are available for disaster recovery as required.
Brandon Shopp, Vice President of Product Strategy, SolarWinds.
Some businesses may already have policies and processes in place outlining their response to a data breach, but these must be regularly reviewed and amended. As the IT landscape shifts and hackers become more sophisticated, best practice must evolve.
Preparing for the worst
First and foremost, businesses that recognize the threat of data breaches will have an incident response plan in place. However, these plans should be more than step-by-step guides on what to do in the event of an issue. Every business is unique with its own set of market conditions and specific challenges that must be factored in. Scenario planning, based on an enterprise’s focus, solution and customer base, is a good place to start.
That process should begin with a look at the data that could potentially be compromised in a breach. Personally identifiable information (PII), for example, requires additional consideration to ensure customer data is protected and that businesses are complying with GDPR and other privacy laws. Businesses need to understand what kinds of PII are being held, where exactly they are stored within the IT infrastructure, and what safety checks are in place. A thorough risk assessment of these environments – possibly including penetration testing – will uncover vulnerabilities.
A strong plan also involves instilling a level of preparedness internally. Every employee across the organisation should understand best practice on data sharing and be made wary of social engineering attacks, from simple email phishing, through having poor antivirus protection, right up to AI-based scams that mimic C-suite instructions.
A plan should also provide different defined response paths based on the potential severity of breaches and engagement points. From there, a decision tree that includes a checklist and workflow can more easily be created.
Assessing the situation
In the immediate minutes and hours after a breach, action needs to be taken quickly. This doesn’t mean doing so before the facts are clear, but it does mean doing so in an appropriately responsible and timely manner. Here’s where that incident response plan can save critical time. First, you need to understand the scope, quickly. This can often require third-party assistance, especially for businesses that don’t have an in-house security team at their disposal. Businesses that are well prepared for a breach will already know what call they need to make; the businesses that aren’t prepared will waste precious time debating who’s best to call for assistance.
Once this scope is established, some key questions can be answered. Does law enforcement need to be called? Does the breach fall foul of GDPR rules? If yes, then the business may have 72 hours to report the breach to affected customers and/or employees or potentially risk facing hefty fines. Businesses need a granular level of visibility to understand how the breach occurred and, therefore, how to mitigate its impact. Was it down to a flawed security protocol or a faulty patch?
There are tools available for businesses looking to establish the severity of a breach. A good SIEM tool can help log data and capture things like information flow, allowing the isolation of impacted systems, the level of impact, and the type of data impacted. A breach of music files, for example, isn’t good, but it’s an entirely different story if somebody gets a hold of personally identifiable information (PII), financials, etc. This also provides insights into areas for improvement; e.g., if a patch wasn’t completed – why or why not and how should processes change going forward?
All hands on deck
In addition to being quick, breach responses call for a business-wide effort. When data is breached, it’s easy for incidents to be categorized as an IT security issue that only concerns a limited number of employees. This is the wrong attitude, as breaches can have dire consequences for a business’s brand, revenue, or both. A breached company will want to quickly assemble a cross-functional tiger team so the business is able to respond as quickly and as transparently as possible at the right levels, while simultaneously putting in place steps that will help make amends for those impacted. The rule is to fail fast; own it and communicate with clarity and honesty.
Above all else
In 2020, IT pros need to re-evaluate their approach to data breaches. Maintaining best practice to make a breach less likely is important. Beyond this though, IT pros need to expect and be fully prepared for a breach to hit. A breach doesn’t have to be an extinction event. It can be painful, but with the right preparation, it can be a whole lot easier, and the impact can be significantly minimized.