SecurityWeek

Data Protection

Strategy: Planning and Recovering From a Data Breach


2014 was a terrible, horrible, no good, very bad year for cyber attacks. The point-of-sale attack on Target in late 2013 set the pattern for 2014, with the same approach hitting retailers such as Michaels, Kmart, Home Depot, and Neiman Marcus. Attackers also began targeting cloud applications, from Apple iCloud to Salesforce (targeted by a Zeus variant and by Dyreza) to Office 365. The recent Sony Pictures breach also showed attackers turning destructive: threatening employees by email, demanding ransom, and deploying malware built not just to exfiltrate data but to destroy it.

The costs of a data breach, whether lost business, damaged reputation or regulatory action, have never been higher. Yet while a successful intrusion takes minutes, and in 88% of cases data exfiltration begins within those same minutes, discovering the breach can take weeks or months. Mandiant's 2014 threat report cites an average of 243 days to discover a breach.

Given the near-certainty that some form of attack or data breach will happen in your organization, it makes sense to consider the likely scenarios and plan for them before they happen. A data breach plan lays out the key steps to take and the key personnel to involve when a breach occurs, and needs to incorporate the following three elements:


Forensics and evidence collection 

The earliest stage of any investigation is forensics. Having third-party forensics assistance on call, or having those skills in-house, is essential. As with trauma response or crime scene investigation, this stage is the most critical: preparedness, training and a well-thought-out plan contain the damage and determine the scope of the breach. Forensics teams can limit the damage before evidence is lost or compromised, and collect the essential data required for the hard work of analysis. As information about the breach is collected, law enforcement agencies may need to be notified within a specific timeframe.

Forensics teams no longer serve only in post-incident response. As part of a continuous monitoring security framework, they can proactively look for indicators of compromise and other risks in the network.

Identifying regulatory mandates impacted

In conjunction with step 1 above, it is critical to understand which regulatory compliance mandates are affected by the data breach. Almost every US state, and every EU government, has data privacy and breach notification mandates, which typically require disclosure when consumer or corporate information is exposed.


This is where the organization's legal team becomes an essential part of the data breach plan. Legal is a required partner to the security team in navigating the myriad laws, disclosure requirements and any compensation or fines arising from the breach. The laws differ greatly from state to state and country to country; in the United States, a national data breach notification law is under consideration to bring consistency to the disclosure of attacks.

Lawsuits relating to cyberattacks can drag on for years, and have already been filed over high-profile breaches such as Target's.

Managing notification of breach

Any data breach leaves a bad taste in the mouth of every customer, whether or not they are directly affected. The data breach plan must include the specific steps to notify anyone who may be affected, and to do so in a way that adequately addresses their concerns. This includes training call center personnel, setting up a dedicated call center line for breach-related calls, and offering credit monitoring services.

Cybersecurity insurance may help not only to offset the costs and liabilities of a data breach but also to provide contracted services for forensics, breach notification and credit monitoring. A robust cybersecurity insurance provider may also promote the adoption of preventive measures that reduce the number of successful attacks. Of course, the key to detecting these breaches early is continuous monitoring.

As Gartner advocates in its "adaptive protection process", IT organizations should shift to a continuous-response mentality in which systems are assumed to be already compromised. If that is the case, a robust data breach plan becomes an even more critical weapon in any IT organization's arsenal.


Written By

Danelle is a seasoned product and solutions marketing leader with expertise in bringing disruptive security, cloud and AI technologies to market. She has more than 20 years of experience building and scaling GTM teams and positioning companies for growth — from early stage startups to IPO. Prior to Infoblox, Danelle held multiple Chief Marketing Officer roles, including Ordr, Blue Hexagon (acquired by Qualys) and SafeBreach where she helped define and build a new market category. She was also VP strategy and marketing at Adallom (acquired by Microsoft) and played a key role in Palo Alto Networks growth through IPO as a leader in solutions marketing. Earlier in her career, she held senior product management roles at Cisco, overseeing security, networking and VoIP products. She was co-founder of a high-speed networking chipset startup, co-author of an IP Communications Book and holds 2 U.S. patents. She has an MSEE from UC Berkeley.
