When it comes to data breaches, the common mantra that it’s a matter of ‘when, not if’ an organization will be hit seems more and more apt as time goes on. Cyber-criminals keep getting savvier with their malicious exploits, IT infrastructures continue to become ever more complex and the cyber-attack surface widens.
With the risks so high, organizations must not only implement effective strategies for preventing data breaches but, perhaps more importantly now, also have a solid and tested data breach response plan in place, ready to put into action when the worst happens and they suffer a data breach incident.
Fusion Risk Management is a provider of expertise in risk management, IT disaster recovery and incident management. Infosecurity Magazine recently spoke to the company’s CTO, Cory Cowgill, about how companies can best prepare for and respond to a data security breach.
Why do businesses continue to fall victim to cyber-attacks and breaches?
The modern enterprise has a large attack surface for cyber-criminals to attack and attempt to breach. This spans multiple domains including on-premise systems, cloud systems and employee endpoint devices. The work to harden these different domains is difficult and costly, requiring multiple skillsets, disciplined change control policies and procedures and a ‘security first’ culture to succeed in the best of circumstances. The human element remains the hardest surface to protect against attack, whether it is a manually misconfigured service or an employee falling victim to a phishing attack.
What are the best strategies for preparing for a data breach incident?
Having a communication and crisis management plan is critical and forms the foundation for a response strategy to a data breach. Depending on the scope of the breach, many legal obligations such as GDPR and CCPA have required time frames within which a company must report the breach. These time frames are very tight. For example, under GDPR, companies only have 72 hours to report to the authorities a data breach of personally identifiable information (PII) data. A communication and crisis management plan helps drive the response efficiency when an incident does occur.
Individuals hear about cyber-breaches every day in the news. The response and messaging to regulatory bodies as well as impacted individuals is critical to mitigating any long-term damage to the business.
What are the best practices for responding to and recovering from a data breach should one occur?
A timely response to addressing the root cause of the breach and notifications to impacted customers is key. These are three best practices that I would recommend:
- Businesses need to respond as quickly as possible to address the root cause of the breach. If a data source has been exposed to the internet, it must be removed as soon as possible from the time of discovery. If an unpatched system was the cause, all systems must be patched and thoroughly evaluated for similar issues
- A comprehensive update of the affected organization’s security procedures and policies should be evaluated based on the root cause, and findings should be remediated as soon as possible to prevent future events
- The remediation steps should be clearly messaged to regulatory bodies and impacted individuals