What to do after a breach
Mon, 06/08/2020 – 23:47
Your organization has been breached.
This is the kind of thing that keeps CIOs, CISOs and other data and security types up at night. But you’re not even sure you are actually awake, because this is a real nightmare scenario.
This breach could lead to data theft, reputational harm and customer loss. Regulators could punish you with compliance fines. Management, marketing and sales might really be upset.
Then again, perhaps it’s not as bad as you expect. It depends on the extent to which you prepared for this ahead of time. And it hinges on how you react to the situation as it unfolds.
In any case, the question right now is: What do you do to address this challenging situation?
The answer is: Don’t panic. But do act fast.
Limit the threat surface and be happy you employed encryption
The first thing you need to do in the event of a breach is to identify the root cause. Then, you must move quickly to contain it before it impacts additional enterprise devices and systems.
You can do that by shutting down systems and securing physical areas related to the breach. However, just because cyberattackers have gotten into a network element or system doesn’t mean you need to close up shop. Technologies like dynamic isolation and microsegmentation can enable tech specialists to contain the threat surface while keeping operations running.
And organizations that employ end-to-end encryption are already ahead of the game. Strong encryption and key management make data unreadable to bad actors. The surge in breach complexity, the bring-your-own-device trend and compliance regulations are driving encryption adoption. According to the 2020 Global Encryption Trends Study, 48% of respondents say their organization has an overall encryption plan applied consistently across the enterprise, with a further 39% having a limited plan. The global encryption software market was valued at $6.82 billion last year. By 2027, the worldwide encryption space is expected to be valued at $22.74 billion.
Assess the damage and prioritize the response
Getting a handle on what data, devices and systems were impacted by the breach is also key. So is the ability to prioritize how they were affected and what it means to your customers.
Cybersecurity and data forensics teams can help determine the scope and source of a breach. Advanced security visibility technology also can help pinpoint the cause of such situations.
If you have the tools to understand what customers were affected and how, you’ll be able to prioritize your incident response and attend to the most valuable assets and customers first.
Be proactive in alerting those who are impacted
It’s better to reach out to customers than to have them call you with a problem. So, work quickly to contain the breach and alert those impacted by it as soon as possible.
You will want to have a crisis communications plan in place for such an event. That way, you’ll have the basic outline of the communication ready to go. And you can fill in the blanks related to the specific situation. Be brief, direct and factual in sharing the details with impacted parties.
Also keep in mind the regulatory requirements under which your organization operates. For example, the General Data Protection Regulation (GDPR) requires that businesses notify those impacted by personal data breaches within 72 hours of becoming aware of the security event.
Document – and learn from – the experience
Even for the most prepared organizations, responding to a breach can be tricky. But this isn’t just a crisis. It’s also a learning opportunity – and an auditable event.
That’s why organizations should keep accurate records of what happened and when. In fact, some companies now offer data breach notification software that assists organizations in both recordkeeping and notifying the required supervisory authorities as to what occurred.
Breaches are a significant challenge for organizations of all stripes today. But our increasingly connected world and growing hacker sophistication have made them a fact of life. However, as with all things, those who prepare for the future tend to fare better than those who don’t.
While a data breach is always a nightmare, implementing identity-based management solutions and multi-factor authentication keeps bad actors from your information. And encryption and robust key management prevent them from accessing and unlocking the data they should not see.