[BreachExchange] Four best practices in responding to a security breach

[Audrey McNeil]

http://www.bankingtech.com/752672/four-best-practices-in-
responding-to-a-security-breach/

>From Tesco’s cyberheist to the attacks carried out over Swift’s system,
it’s clear the financial industry is a gold mine for cybercriminals –
there’s been a 40% increase in cybercrimes targeting the financial sector
over the past year despite improved risk management.

In response to the industry’s heightened security climate, chief
information security officers (CISOs) and information security executives
have become an integral part of board-level decisions, including mergers
and acquisitions, business model changes and product development, as each
has an impact on IT security and how the security operations centre handles
risk.

In terms of complexity and size, cyberattacks are constantly growing. It’s
essential for CISOs and information security executives from financial
institutions to learn from other high-profile organisations who’ve fallen
victim to a cyberattack and suffered brand damaging breaches in how they
should and should not craft their crisis management plan.

Breaches have become inevitable. Critical mistakes will not only damage
your brand in the eyes of your customers, but also disengage your employees
and reduce the trust of leadership. By implementing the practices below,
you can respond to breaches swiftly and suitably while preserving brand
equity.

1. Keep affected users in the loop

If your financial organization suffered a breach, you wouldn’t want to hear
about it on the news before a message came directly to your inbox. CEOs and
company spokespeople should work to inform clients, employees and
shareholders of security issues as soon as they occur. Of course, the
process is not always straightforward, or even possible: the 2016 Verizon
Data Breach Investigations Report found that law enforcement agents tend to
discover breaches before IT security teams are even aware malware has
circumvented security and has exfiltrated personally identifiable customer
data or personally identifiable information (PII).

To keep affected parties informed, forming a crisis committee can help
organizations plan first steps, timelines and protective measures in
advance. When an attack hits, such planning can smooth the response and
reaction process – and avoid situations involving delayed responses,
incorrect information and lacking actionable steps for customers.

2. Communicate transparently – and with a forward-thinking eye

When you search for the gold standard in how to respond to a breach, one of
the most critical components of a response plan is to communicate clearly
about the breach and have a plan to mitigate the damage. Focus on
reclaiming and reporting the information your customers care about most.
Rather than listing tedious technical details about the information
compromised in the breach, highlight the steps you take to fix the problem
and focus on earning back trust. To aid this effort, a trained forensic
investigator should be available either externally or within your incidence
response team to recover critical system artifacts and other potential
evidence and ensure that the chain of evidence is intact to understand
exactly how the attack circumvented your security, what information was
stolen or compromised, and ultimately how extensive the breach may be.

3. Know your industry (and its major threats)

According to surveys conducted by IT security media outlets, approximately
66% of customers said they would not do business with an organisation that
had been breached. We saw this with Target, Home Depot and other large
retailers in the US who were victims of breaches; but what happens when
it’s a small or medium-sized business (SMB)? SMBs are an enticing target to
cybercriminals; the smaller the organisation is, the more important it is
to understand the organisation’s strengths and weaknesses from a security
posture. Customers have become less likely to forgive companies who don’t
protect their data and are particularly unforgiving when it comes to small
businesses.

IT security leaders should understand the principal threats in their
industries. Ransomware often targets healthcare organisations; retailers
consistently deal with malware attempting to exfiltrate customers’ PII,
such as credit card data. The financial industry deals with the largest
number and most diverse types of attacks.

Fortunately, adversity breeds the next generation of ideas and solutions.
Financial industry leaders are joining forces to create a knowledge base of
threats, zero-day exploits, and capabilities to track attack trends
including malware strains and indicators of compromise (IOCs). The
Financial Services Information Sharing and Analysis Centre (FSISAC) was
formed in 1999 by banking industry professionals to collaborate on
cyberdefense strategies, and similar organisations have gained momentum in
terms of participation over the past several years. Additionally, FSISAC
now provides incentives for smaller financial institutions, such as credit
unions, to assemble resources and protect against threats for the entire
industry.

4. Be the example your customers are looking for

In the wake of a security breach, true leadership skills shine. Addressing
customers, employees and networks honestly, while sharing strategies and
highlighting lessons learned from similar situations can inspire hope and
build a foundation on which customers can move forward. After all, security
attacks and breaches are now part of life: thousands took place in the last
year, and the total amount is growing at a 38%. By helping customers and
stakeholders overcome breaches and put responsible security practices in
place, financial institutions need can protect their customers and put them
at ease if their personal information is compromised.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170417/c864f51a/attachment.html>