[BreachExchange] Recovering from a Data Breach: 3 Steps to Combat Vulnerabilities

Audrey McNeil audrey at riskbasedsecurity.com
Fri Nov 18 14:54:13 EST 2016


http://www.business2community.com/cybersecurity/recovering-data-breach-3-steps-combat-vulnerabilities-01705986

Have you ever encountered a data breach which has exposed the
vulnerabilities of your entrepreneurial setup?

Are you worried about the lingering cybersecurity threats, looming large
within an organizational hierarchy?

In this post, we will be focusing on the techniques to combat data breaches
while containing the damage in extreme cases.

To be precise, every organization is prone to data hacks and multiple
breaches. The dangers amplify in case of small businesses as they have
fewer resources to mitigate cybersecurity threats. Moreover, being in a
constant state of risk is actually terrifying and detrimental to the
overall goals of an organization. Lastly, security breaches can be
extremely impactful and have the capability of pulling down an entire
infrastructure.

If trends are to be believed, it is actually impossible for an organization
to recover every bit of the hacked data. However, things can still be
pacified by interacting with the clients and customers, lest something
unfortunate happens. In case of a breach, it is necessary to salvage the
trust and take necessary actions to negate the consequences.

Initial Plan

Data breaches are inevitable, and it is only a matter of time before an
organization faces one. Therefore, you must always be ready with a response
plan which can help mitigate the consequences while allowing you to keep up
with the latest industrial threats, including ransomware, digital hacks and
a lot more.

The idea here is to keep technical and legal experts on-board who can share
insights and help the organization survive the aftershock.

Identifying the Breach

There is no recovering from the breach unless the exact nature of the same
has been identified. Therefore, being well-informed is definitely a huge
step forward. You must look for clear signs of a hack without creating a
sense of panic among the employees. Mostly, businesses get an idea within
weeks or months— depending upon the section which has been compromised.

Usually, the information breaks out via business partners, media, banking
organizations or even the law enforcement channels. Therefore, it is
advisable to adopt a quick redressal technique for identifying the
breaches, at the earliest— preferably before the data is black marketed.

However, there are a few technical signs which might tip off an
organization about a possible breach. Be it a lagging computer with the
slowest of response times or a slew of spammy emails, these are some of the
most common indications of a hack. You need to be wary and even suspicious
when strange websites start asking for personal credentials. Moreover, if
you are working on a specific device, it is necessary to monitor the health
of that device and of its firewall.

Post-Breach Developments

Upon encountering a breach, the company must look to discover the extent of
damage. While you can’t expect the hacker to go easy on you or to leave a
trail, it is the duty of the technical experts to find everything possible
about the breach and the violator. The first step should be to check on the
customer files and assess the threats.

The subsequent steps should be all legal as the concerned attorney must
validate forensic investigators for checking on the data and affected
equipment. This is a great way of putting each piece back in the puzzle for
backtracking the breach.

Once the legal obligations towards clients and customers are handled,
companies must look to notify the general public— especially the insurance
regulators.

The physical follow-up should involve cutting off the existing server or
the device which facilitated the breach. This will preserve evidence, if
any, for the forensic team to look at. The affected device must be
disconnected from the cloud or even the internet. The last step should
consist of copying the activity and access logs securely from the affected
machine to the current one.

Informing Clients, Customers and Affected Parties

Here comes the most difficult part. An affected company usually handles
massive amounts of data pertaining to clients, and upon identifying a
breach it must collect its wits and inform the affected parties of the
same.

Breaking the news to business partners and stakeholders can also be
difficult as there are possibilities of legal charades. The best way to
inform is by sending out official letters and declarations. There should be
a remedial approach like the theft identification which should be made
available to the customers— free of cost.

The response team must take care of the brand reputation and even the
affected customers during the hours of difficulty. The revelations should
always be transparent and unbiased.

Preventing Breaches

For a company which has been hacked, recovering isn’t easy and definitely
not the quickest process in town. However, once the situation has been
pacified, you should buckle up towards additional safety measures. The
first step towards safety should be the adoption of government authorized
clouds, servers or digital lockers. There are several nationwide security
systems, including digilocker and a host of cloud-based infrastructures—
specific to a given country.

The best part about government authorized setups is enhanced security and
the reliable insurance schemes— associated with these hierarchies.

You should consider each breach— either big or small— as a learning curve.
Stopping them is not the easiest but you must look to minimize the damage
to controllable proportions.

Bottom Line

Data hacks and breaches are expected in every department, regardless of the
safety measures on-board. However, the greatness of a company can be gauged
by the way it recovers from the same.