Victims or Villains: Intelligent Incident Response Can Save the Day

We all know the lessons of nursery school tales: don’t lie, don’t steal, and play nice with others.

The data breach morality tale is a bit more complicated. When you find out someone is stealing from you: don’t lie, act quickly, and be nice even when everyone’s mad at you. If you get defensive or try to be sneaky, you’ll go from victim to villain in the swipe of a headline. Data breaches are happening with greater frequency, and are compromising larger volumes of data, than ever before.

As the toll of identity theft, privacy loss and exploited infrastructure mounts, the ramifications intensify. Organizations are being subjected to stronger financial penalties, greater legislative and regulatory scrutiny and tangible reputational damage.

For organizations that suffer a breach, responding in an intelligent and confident manner is becoming critical. But given today’s deeply connected landscape, how can organizations protect themselves, and their customers, along with safeguarding or even increasing business value?

The number one answer is total engagement with information security risks and challenges from the board on down. We’re finally seeing significant signs of movement in that direction. A recent Georgia Tech Information Security Center survey of Forbes Global 2000 board directors and executives found that 63 percent of respondents are addressing cyber-security actively, a significant increase from 33 percent in 2012. The survey also found that 53 percent of boards formed a risk committee to identify and manage cyber-risk issues, compared to 8 percent in 2008.

Preventing the Next Data Breach

The most effective data breach prevention approaches are based on the premise that it is possible for an organization to increase an adversary’s ‘work factor’ to such a degree that malicious activity becomes unprofitable and attackers move on to easier targets. Basic technical preventative measures are popular because they scale easily; automated scans are more reliable and efficient than staffing monitoring teams around the clock, especially for smaller organizations.

Responding to a Data Breach

Smart organizations realize that incidents can occur regardless of precautions and seek to respond to breaches in a resilient and professional manner. However, when confronted with an actual breach it often becomes clear that response capabilities are lacking.

In some cases, the technology solutions to detect, repair and recover from data loss are not in place; in other cases, the protocol for quickly communicate a clear, unified message to all stakeholders has not been established or rehearsed.

How can information security demonstrate business value when responding to a data breach, and what are the key organizational capabilities to have in place? It’s important to consider technology, process, people – and often politics. Follow these three simple steps on a continuous basis: develop a plan; practice the plan; respond decisively.

Managing Your Message

Preparation is essential. An inter-departmental scenario planning that tests the organization’s media and customer response strategy is a good way to assess your response readiness and identify areas in need of improvement. Creating and testing response plans may also attract interest from senior management, particularly if their organization, or a competitor, has suffered an incident that inflicted reputational damage.

Messaging should be about creating transparency within the organization and with the public. The organization should be seen communicating in an ethical and trustworthy manner. This is not a time for using communication as a PR spin opportunity, attempting to pull the wool over people’s eyes, or retreating behind a veil of silence. Communicate effectively throughout the incident (and afterwards) in an honest and transparent manner about the breach, the impact, what you are doing to address the impact of those affected.

Next Steps

Data breaches have become a regular feature of modern life, and have personally or professionally affected most of us, the real difficulty lies in acknowledging that breaches are inevitable, and that resources invested in advance can pay dividends when a crisis occurs.

It takes maturity for an organization to recognise it will not be able to control the narrative after a breach becomes public. Leadership involves being honest and transparent with customers; this is the only way to maintain credibility in such difficult circumstances.

A robust data breach response includes developing a plan, regular scenario planning, taking decisive action and managing the message. These actions will involve a wide range of internal stakeholders, and may involve the services of external crisis management and media experts. Once a breach happens, swift decision-making requires accurate data.

Organizations need to take stock now in order to ensure that they are fully prepared and engaged to deal with these ever-emerging security challenges, before it’s too late.

What’s Hot on Infosecurity Magazine?