[BreachExchange] Does your business really know how to handle a data breach?

Destry Winant destry at riskbasedsecurity.com
Mon Oct 29 22:14:45 EDT 2018


Whilst data breaches can result in substantial fines that can hit
company finances hard, they have many, often more immediate, impacts.
Businesses that do not respond quickly and decisively at the first
sign of a data breach will find themselves constantly struggling to
play catch-up. This means that when the fine hits they are often in
such a weakened state that they cannot recover. The brutal truth is
that 66% of small to medium businesses go out of business after a data

Large companies often don’t fare much better. Whilst they may be
better equipped at dealing with the financial impact of a fine, the
reputational damage can be immense. Once businesses have lost
sensitive data it can be almost impossible to convince customers that
they are a trustworthy organisation. Throughout 2017 companies large
and small suffered data breaches, the overall impact of which was
larger than it needed to be. If you want to mitigate the impact of
future data breaches, and hopefully prevent them, here’s what you need
to know.

Act quickly

When a data breach occurs, businesses must know exactly how to react
immediately. A data breach requires an immediate response from every
part of your business. Your IT and business teams will need to locate
and close any vulnerabilities in your IT systems or business processes
and switch over to Disaster Recovery arrangements if they believe
there has been a data corruption. Your business units need to invoke
their Business Continuity Plans and you will need to stand up your
executive Crisis Management Team. Your speed and effectiveness of
response will be greatly improved if you have at your fingertips the
results of your Data Protection Impact Assessment (DPIA) that details
all the personal data you collect, process and store, categorised by
level of sensitivity. If companies are scrambling around, unsure of
who should be taking charge and what exactly should be done, then the
damage caused by the data breach will only be intensified.

Be open and honest

A data breach is never ideal, but if your business suffers one it is
important that you inform those that are affected as quickly as
possible. This will allow them to implement their own self-protecting
measures. We live in a highly connected world with hyper-extended
supply chains and therefore having a crisis communication plan that
sets out in advance who needs to be contacted should a breach occur
will mean that important stakeholders don’t get forgotten in the heat
of the moment.

Failing to inform people in a timely manner can be very costly indeed.
In 2017, it was revealed that Uber kept quiet about a data breach that
affected 57 million people for more than a year. Regardless of the
reasons behind Uber’s silence, when the news broke there was a public
outcry that damaged the company’s reputation so badly that its shares
suffered a 30% loss.

Who’s responsible?

The Information Commissioner’s Office (ICO) compiles quarterly
statistics about the main causes of reported data security incidents.
In the last quarter, four of the five leading causes in cases where
the ICO took action involved human errors and process failures.
Therefore, whilst it is important that, once a breach has occurred, IT
administrators comb through network traffic archives for any abnormal
activity, it is equally important to look at your business processes
and ensure that your DPIA is up to date.

If the breach is a criminal matter, make sure you pass on any and all
relevant evidence to the police so that those responsible can be
brought to justice.

Pre-empt future attacks

Prevention is always better than cure. Therefore, rather than wait
until you suffer a data breach and find out the hard way what threats
and vulnerabilities you have in your IT systems and business processes
we recommend that you take action now.

It is good business practice to continuously monitor risk, including
information risk, and ensure that the controls are adequate. However,
in the fast-paced cyber world where the threats are constantly
changing this can be difficult in practice.

However, by partnering with an external provider such as Sungard AS,
you have access to all the specialist skills and capabilities you need
to make sure that your organisation is as robust as it can be and is
ready and able to spring into action to minimise the impact of a data

For example: our security professionals can conduct physical and
logical penetration testing and check your organisation’s
susceptibility to social engineering; our business process
professionals can ensure that you have effective business continuity
and back-up solutions in place; and our crisis leadership team can
provide executive coaching to ensure that your C-suite have the
skills, competencies and psychological coping strategies that will
help them lead your organisation through the complex, uncertain and
unstable environment that is caused by a data breach and emerge the
other side stronger and more competitive than when you went in.