[BreachExchange] Is your data breach response plan good enough?
Audrey McNeil
audrey at riskbasedsecurity.com
Mon Mar 6 19:46:03 EST 2017
https://www.postonline.co.uk/post/blog-post/2482118/blog-
is-your-data-breach-response-plan-good-enough
Many savvy organisations are investing time and thought into data breach
response plans.
But plans rarely survive first contact with the enemy. That is why it's
important to stress test your incident response plan to identify weaknesses
while time is on your side.
Studies show that a swift response to a security incident retains customer
trust-and saves costs. Breaches contained within 30 days of discovery cost
an average of £2.15m, according to the Ponemon Institute. If it takes more
than 30 days to contain the breach, the average cost increases to £2.89m.
But speed can't be mandated by the plan. For this reason, plans should be
stress tested on a semi-annual or annual basis, as if you were experiencing
an active data breach.
Here are three recommendations to make the most of your stress testing
exercises.
Focus on the most likely scenarios
You're more likely to encounter ransomware via a phishing email than a
dedicated nation-state penetrating your firewall. As such, focus your
stress test on the scenarios that are most likely and threaten the worst
potential consequences.
By the time you work your way down to less-likely and less-costly threats,
you'll already have covered the common elements of your response. Knowing
how to adapt your plan to a specific threat is an expertise unto itself;
one that won't emerge naturally in the planning phase.
Make it more than a technical exercise
By the time Target alerted its customers about its historic breach in
December 2013, several days already had passed. The delay impacted consumer
faith and the retailer's bottom line, and was a consequence of Target's
leadership treating the breach as a purely technical issue.
Non-technical staff, such as legal, public relations and human resources,
should participate in stress-test activities, too. Try to strike a balance
between internal staff, who may be more familiar with the company, and
external specialists, who have expertise and can take on extra work.
Apply lessons learned
The true benefit of a stress test is the analysis following the experience.
The whole point is to make improvements to your plan by responding to what
went wrong and reinforcing what went right.
Your breach response plan should include time for the incident response
team to reflect and discuss the exercise. Additionally, ensure that any of
the team's recommendations are reviewed and implemented within a specified
timeframe.
The benefits of organising and testing your incident response plan could
far outweigh the costs. Factor in the peace of mind your C-suite and
response team will gain when they feel confident in their plan, and we
believe you'll arrive at a compelling argument to place stress tests near
the top of your to-do list.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170306/a3b9b925/attachment.html>
More information about the BreachExchange
mailing list