[BreachExchange] Data Breach: How Bad is Bad?
Audrey McNeil
audrey at riskbasedsecurity.com
Fri Aug 25 15:47:12 EDT 2017
http://www.embedds.com/data-breach-how-bad-is-bad/
The Apollo 13 lunar mission is often referred to as a “successful failure”.
In spite of a ruptured oxygen tank that threatened the lives of three
astronauts and the future of the moon-landing program itself, NASA
engineers devised a coordinated strategy that brought the astronauts back
to earth and that improved the safety of future missions.
In a similar fashion, a quick-thinking technician devised and implemented a
“kill switch” strategy that shut down the “Wannacry” ransomware attack that
threatened computers and systems in more than 100 countries in early 2017.
Nobody has yet dubbed the Wannacry attack and response as a “successful
failure”, but the attack’s potential damage was more limited than many
other events in the history of cybersecurity.
Hacks and data breaches are never welcome events, but a well-prepared
cybersecurity response can minimize the damaging outcome of an attack and
place it lower on a scale of overall destructiveness. For example,
businesses are experiencing a growing number of ransomware attacks.
Hacker’s frequently launch ransomware attacks by attaching a piece of
malware to an email that is sent to an employee, who then opens the
attachment in spite of warnings and training to the contrary. If a business
is unprepared, it will have few options but to pay a ransom demand in order
to unlock its data. A better-prepared business will have backed up its data
and software with technology that is not connected to its networks and that
will accordingly not be affected by the ransomware. It will also have
technology that contains the malware and shuts it down quickly.
Distributed denial-of-service (DDoS) attacks require analogous preparations
and responses. DDoS attacks flood a business’s networks with hundreds of
thousands of simultaneous calls, effectively shutting down the network’s
regular operations. A hacker might launch a DDoS attack to distract a
company’s cybersecurity team from other attempts to break into its network.
With advanced preparation, a company will be better able to detect the
onset of a DDoS attack, to analyze and identify the components affected by
it, and mitigate the problems it causes before they get out of hand. Again,
a response that is mapped out ahead of time will be the difference between
a bad result and a “successful failure”.
Targeted companies will become aware of ransomware and DDoS attacks almost
immediately, but in other cases, a data breach can go unnoticed for several
months. When the breach is discovered, a company might learn that it has
lost hundreds of thousands of data records and that its customers’ personal
and financial information has fallen prey to the hacking community. This is
a worst-case scenario, but as with other types of cyberattacks, its damages
can be minimized with advance planning and a proper incident response. Open
and timely communication with affected parties is a crucial element of that
response. Given the growing number of cyberattacks on businesses of every
size and in every industry, a company should establish procedures to
regularly inventory the data that it stores, to monitor which parties have
access to that data, to understand its regulatory obligations and legal
risks it assume when holding data, and to create a core group of employees
who will manage a response when a cyberattack does occur. The purpose of
these preparations is not so much to prevent the cyberattack as it is to
make that attack less bad.
A data breach insurance policy will go a long way toward mitigating the
damage from a cyberattack and allowing the targeted company to claim that
the attack on its business was a “successful failure”. That insurance can
provide resources to help a company communicate with and reimburse affected
customers and clients whose data might have been lost through a
cyberattack. It can also help the targeted company to pay expenses
associated with recovering lost or frozen data and to replace damaged
systems. To the extent that advance preparation is crucial to an effective
response to a cyberattack, data breach insurance is a crucial component of
that advance preparation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170825/352b90d7/attachment.html>
More information about the BreachExchange
mailing list