[BreachExchange] We’ve Had a Cyber Breach, Now What?

Audrey McNeil audrey at riskbasedsecurity.com
Thu Aug 3 19:10:15 EDT 2017


http://blog.thebrokerlist.com/weve-cyber-breach-now/

We’re well into 2017 and are becoming accustomed to the consistent news
of organizations being breached and information held hostage. We’ve also
heard of organizations taking lax security precautions. This leads to
user data being leaked as a consequence of poor efforts to secure client
data and company networks.

One instance recently occurred, where approximately 200 of voter profiles
were leaked due to poor security measures put in place. Names, addresses,
birth dates, social media posts, etc. were downloaded and leaked due to
improper security procedures: over 1 terabyte (1,000 gigabytes) of data, to
be more specific.

This has potentially crippling consequences for any company. Without the
proper backing from a legal team, a full stand-alone cyber insurance
policy, and an organized in-house Cyber Breach Response Team, breach
costs have soared into the millions. In some cases, a breach has
permanently shut down businesses.

Now, supposing you have the appropriate set of layered securities in place.
You have a trained Breach-Response Team and appropriate Cyber Policy and
Legal Team backing you up. Now, what are the necessary steps to take when a
breach occurs?

Step number one is to assemble your business’ Cyber Response Team, making
sure to bring everyone up to date and working from the same information.
Next, be sure to immediately reach out to your insurance carrier’s claims
department. They will be your main point of contact and a guide in possibly
dark and complex times.

In these incidents, time is of the essence. Knowing who your claims
representative is ahead of time, and considering them a member of your Cyber
Response Team, will aid in maximizing efficiency in an instance where every
moment counts.

The initial conversation will mark the beginning of what is called the
breach-response life-cycle. Your Claims Manager will inquire with you about
the unauthorized disclosure, data theft, data ransom, or complete loss as a
key activity in the forensic and legal analysis of your specific
occurrence. This can include a third party approved by your carrier
depending on the complexity and overall size of the loss in question.

Following this step is the coverage letter. This letter will list the
coverage you’ve purchased in great detail. The coverage letter typically
provides additional information about this type of occurrence. This
information is usually available to you from your broker, agent or carrier,
and should be reviewed by your Response Team in preparation for a breach.

At this point, the monetary value of the breach will begin to show in the
form of public relations costs, data recovery, victim/client notification,
new systems and securities implemented, credit monitoring, etc. These are
all tasks and items that are coordinated, implemented and invoiced by your
Claims Team. Be sure you keep in close contact with both your in-house
Response Team and your carrier’s Claims Team. This will ensure open
communication and efficacy.

Payday lender Wonga was hit in April by a clever hacker. This individual
had recently hacked their systems to steal over $3.1 million from
just over 9,000 of their users. The follow-up breach affected over a
quarter of a million users, making it one of the largest hacks this year.

A Cyber Breach is a burdensome undertaking, but with a fair amount of
preparation and swift coordinated action, the pains can be made bearable
and costs manageable. It’s no longer a matter of if it will happen. It’s
now only a matter of time, and will you be ready when that time comes?