No matter how secure your business, data breaches are an unfortunate fact of life. Whether an attack is the result of a determined cybercriminal, a disgruntled insider, or simple human error, you can limit the damage with a carefully crafted response strategy.
There’s a lot of groundwork to cover to begin building an effective strategy for coping with a breach: You need to gather relevant data, prioritize potential threats, and make sure you have solid detection capabilities in place. Then, and only then, can you start to assign responsibilities and draw up step-by-step workflows for different scenarios.
Here’s a closer look at what’s required.
Before you can craft a valuable plan, you need to understand what a major catastrophe would look like for your organization. There are many types of breach, and not all data is equal in value, so dig into the scenarios that would bring your everyday business activities to a halt. Gather all key stakeholders to discuss the risks, put forth their views on what represents the biggest threat, and work towards a consensus on the top risks.
When everyone has agreed on a prioritized shortlist, report to the board. This gives you a great starting point, but bear in mind that your list will have to be updated regularly. If you enter a new partnership, release a fresh line of services or products, hire a new member of the C-suite, or go through any other substantive change, then your major risks need to be reconsidered.
IT departments find it challenging to track every device, person, and application in use across an organization at the best of times, and with the rapid rise in remote working this has become even tougher. Nevertheless, it’s crucial to have a big-picture view of your entire network. Rather than prohibiting unsanctioned apps and cloud-based services outright, find ways to bring them into the fold securely. On personal devices, create secure barriers between employees’ private lives and work-related data.
Assess user privileges. Try to rein in admin rights and excessive access to data where it’s not really required. Put rigid policies in place to ensure user accounts are properly closed when people depart the organization. A big part of being able to establish and retain a complete picture of your network depends on striking the right balance between caution and convenience. People must be able to do their jobs effectively, so any security policy that’s too restrictive is doomed to failure.
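The privilege and offboarding checks described above can be turned into a repeatable audit. The following is an added example, not code from the article or from Towerwall: it runs over a constructed directory export and a constructed HR leaver list, and flags enabled accounts of people who have left, accounts holding a privileged group without approval, and enabled accounts that have not logged in for a configurable period. The record layout, group names and usernames are assumptions for illustration; in practice the inputs would come from your directory and HR system.

```python
"""Leaver and admin-rights audit over a constructed account export.

Added example, not the article's code. All accounts, groups and dates
below are constructed sample data.
"""
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Account:
    username: str
    enabled: bool
    groups: Set[str] = field(default_factory=set)
    last_login: Optional[date] = None


# Constructed directory export (assumed layout).
ACCOUNTS: List[Account] = [
    Account("alice", True, {"staff", "domain-admins"}, date(2024, 9, 3)),
    Account("bob", True, {"staff"}, date(2024, 9, 4)),
    Account("carol", True, {"staff", "domain-admins"}, date(2024, 5, 1)),
    Account("dave", True, {"staff"}, date(2024, 8, 20)),
    Account("erin", False, {"staff"}, date(2024, 1, 10)),
    Account("svc-backup", True, {"domain-admins"}, None),
]

# Constructed HR leaver list: username -> last working day.
DEPARTED: Dict[str, date] = {"dave": date(2024, 8, 30), "erin": date(2024, 1, 15)}

# Groups that confer admin rights, and who is approved to hold them (constructed).
PRIVILEGED_GROUPS: Set[str] = {"domain-admins"}
APPROVED_ADMINS: Set[str] = {"alice", "svc-backup"}

# Date the audit is run (fixed so the example is reproducible).
TODAY = date(2024, 9, 5)


def audit_accounts(accounts: List[Account], departed: Dict[str, date],
                   approved_admins: Set[str], today: date,
                   dormant_days: int = 60) -> List[Tuple[str, str]]:
    """Return (finding, username) pairs for accounts that need attention."""
    findings: List[Tuple[str, str]] = []
    for acct in accounts:
        # Leaver whose account is still enabled after the last working day.
        last_day = departed.get(acct.username)
        if last_day is not None and acct.enabled and today > last_day:
            findings.append(("LEAVER_STILL_ENABLED", acct.username))
        # Admin rights held by someone not on the approved list.
        if acct.groups & PRIVILEGED_GROUPS and acct.username not in approved_admins:
            findings.append(("UNAPPROVED_ADMIN", acct.username))
        # Enabled account that has not been used recently: candidate for review.
        if acct.enabled and acct.last_login is not None \
                and (today - acct.last_login).days > dormant_days:
            findings.append(("DORMANT_ACCOUNT", acct.username))
    return findings


def run_audit() -> List[Tuple[str, str]]:
    """Run the audit over the constructed data."""
    return audit_accounts(ACCOUNTS, DEPARTED, APPROVED_ADMINS, TODAY)


if __name__ == "__main__":
    for finding, user in run_audit():
        print(f"{finding:22s} {user}")
```

Each finding maps to one of the controls in the text: a leaver whose account is still enabled is an offboarding failure, an unapproved member of a privileged group is excess admin rights, and a dormant enabled account is access that is probably no longer required. Service accounts with no interactive login (here `svc-backup`) are skipped by the dormancy check, so review them separately.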
It’s common for data breaches to go unnoticed. A successful phishing attack or software exploit may give an attacker access, and if the breach isn’t flagged, they may be quietly present on your network for days, weeks, months, or even years. Start with the assumption that a breach may have already occurred and perform a deep scan of your network.
A continuous monitoring system is a good idea. Consider software that can detect unusual user activity and data exfiltration. Remember that you need to establish a baseline of normal behavior for this kind of software to be effective. The aim is to detect a breach in real time, to prevent it from developing, and to minimize the potential damage.
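The baseline-then-deviate approach described above, as an added example that is not part of the article or any vendor product: a small detector that learns each user's normal daily outbound volume and working hours from a window of log lines, then scores a new day against that baseline. The log format, usernames and hosts are constructed assumptions; the thresholds (median plus a multiple of the median absolute deviation, and hours never seen in the baseline) are one reasonable choice, not the only one.

```python
"""Baseline-and-deviation detection over constructed proxy log lines.

Added example, not the article's code. The log format and every line,
user and address below are constructed sample data.
"""
import re
from collections import defaultdict
from statistics import median
from typing import Dict, List

# Assumed log format: <ISO timestamp> user=<name> dst=<ip> bytes_out=<n>
LOG_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) dst=(?P<dst>\S+) bytes_out=(?P<bytes>\d+)$")

# Constructed baseline window (three ordinary working days).
BASELINE_LOG = """\
2024-09-02T09:12:03Z user=alice dst=203.0.113.10 bytes_out=40000
2024-09-02T14:30:11Z user=alice dst=203.0.113.10 bytes_out=12000
2024-09-03T10:05:44Z user=alice dst=203.0.113.10 bytes_out=45000
2024-09-04T11:41:09Z user=alice dst=203.0.113.10 bytes_out=38000
2024-09-02T09:50:22Z user=bob dst=203.0.113.20 bytes_out=60000
2024-09-03T16:02:57Z user=bob dst=203.0.113.20 bytes_out=55000
2024-09-04T13:18:31Z user=bob dst=203.0.113.20 bytes_out=70000
"""

# Constructed day under review: one normal user, one large off-hours transfer,
# and an account that never appeared in the baseline.
TODAY_LOG = """\
2024-09-05T10:22:15Z user=alice dst=203.0.113.10 bytes_out=41000
2024-09-05T02:14:08Z user=bob dst=198.51.100.7 bytes_out=4800000
2024-09-05T02:31:40Z user=bob dst=198.51.100.7 bytes_out=3100000
2024-09-05T15:03:19Z user=mallory dst=198.51.100.7 bytes_out=25000
"""


def parse_lines(text: str) -> List[dict]:
    """Parse log text into events; lines that do not match the format are dropped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = m["ts"]
        events.append({"day": ts[:10], "hour": int(ts[11:13]),
                       "user": m["user"], "bytes": int(m["bytes"])})
    return events


def build_baseline(events: List[dict]) -> Dict[str, dict]:
    """Per user: median and MAD of daily outbound bytes, plus hours of activity seen."""
    daily = defaultdict(lambda: defaultdict(int))
    hours = defaultdict(set)
    for e in events:
        daily[e["user"]][e["day"]] += e["bytes"]
        hours[e["user"]].add(e["hour"])
    baseline = {}
    for user, per_day in daily.items():
        totals = list(per_day.values())
        med = median(totals)
        mad = median(abs(t - med) for t in totals)
        baseline[user] = {"median": med, "mad": mad, "hours": hours[user]}
    return baseline


def score_day(events: List[dict], baseline: Dict[str, dict],
              k: float = 5.0, min_mad: int = 1000) -> List[tuple]:
    """Flag volume above median + k*MAD, activity in unseen hours, and unknown users."""
    totals = defaultdict(int)
    odd_hours = defaultdict(set)
    for e in events:
        totals[e["user"]] += e["bytes"]
        b = baseline.get(e["user"])
        if b is not None and e["hour"] not in b["hours"]:
            odd_hours[e["user"]].add(e["hour"])
    alerts = []
    for user, total in totals.items():
        b = baseline.get(user)
        if b is None:
            alerts.append((user, "NO_BASELINE", total))
            continue
        # min_mad stops a near-zero MAD from turning every small change into an alert.
        threshold = b["median"] + k * max(b["mad"], min_mad)
        if total > threshold:
            alerts.append((user, "VOLUME", total))
        if odd_hours[user]:
            alerts.append((user, "OFF_HOURS", sorted(odd_hours[user])))
    return alerts


def detect() -> List[tuple]:
    """Build the baseline from the constructed window and score the constructed day."""
    return score_day(parse_lines(TODAY_LOG), build_baseline(parse_lines(BASELINE_LOG)))


if __name__ == "__main__":
    for alert in detect():
        print(alert)
```

Three days of history is far too short for a real baseline; the point is the shape of the logic: learn normal per user, score each new period against it, and treat accounts with no history as a separate, lower-confidence category rather than silently ignoring them. The median and MAD are used instead of mean and standard deviation so that a single large day in the baseline window does not inflate the threshold and hide a later exfiltration.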
The panic that a breach causes often provokes a rush to action but can also cause paralysis. The best way to avoid either issue is to lay out a clear set of responsibilities. Everyone should know who is responsible for what, and when things should happen. Most importantly, ensure that employees know who to alert first when a suspected breach is discovered.
Time is of the essence, so reporting incidents to people with the skills to assess them properly is vital. Beyond IT and security teams, it’s wise to loop in the legal team to ensure compliance, and the communications team to handle queries. As things develop, execs and the board must be kept apprised of progress and may need to weigh in with decisions.
After a breach, customers and business partners will be clamoring for information, internal staff will want to know what’s happening, and the press may ask for commentary or explanation. Whether it’s a major or minor breach, your reputation is at stake. Set expectations on how often statements and updates will be delivered. Clarity is vital; there should only be one voice emanating from your organization.
Ensure that your employees understand the importance of a united front for messaging after a breach and be sure that your communication strategy delineates who writes and approves messages.
When a potential breach is flagged, you need a process to validate it before you bring in the incident response team. Craft clear plans for different kinds of breaches that make clear the actions that need to be taken. Present a set of prioritized steps explaining precisely what’s required. Consistency is key. Eliminate room for doubt or misinterpretation.
The only way to be sure your plans are fit for purpose is to test them. Make sure your employees are well versed in the new workflows and that communication channels work as intended. Run through exercises to test different scenarios with the relevant players and identify weak points that require further attention. To achieve real long-term resilience, you will have to continually test and improve your plan.
Breaches are sometimes unavoidable, but a strong response plan will help you minimize the disruption to business operations.
Michelle Drolet is a seasoned security expert with 26 years of experience providing organizations with IT security technology services. Prior to founding Towerwall (formerly Conqwest) in 1993, she founded CDG Technologies, growing the IT consulting business from two to 17 employees in its first year. She then sold it to a public company and remained on board. Discouraged by the direction the parent company was taking, she decided to buy back her company. She re-launched the Framingham-based company as Towerwall. Her clients include Biogen Idec, Middlesex Savings Bank, PerkinElmer, Raytheon, Smith & Wesson, Covenant Healthcare and many mid-size organizations.
A community activist, she has received citations from State Senators Karen Spilka and David Magnani for her community service. Twice she has received a Cyber Citizenship award for community support and participation. She's also involved with the School-to-Career program, an intern and externship program, the Women’s Independent Network, Young Women and Minorities in Science and Technology, and Athena, a girl’s mentorship program.
Michelle is the founder of the Information Security Summit at Mass Bay Community College. Her numerous articles have appeared in Network World, Cloud Computing, Worcester Business Journal, SC Magazine, InfoSecurity, Wired.com, Web Security Journal and others.
The opinions expressed in this blog are those of Michelle Drolet and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.