Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Advanced Threats

1/31/2017
10:30 AM
John Bruce
John Bruce
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

3 Things Companies Must Do Before A Data Breach

It's important to plan ahead for when you're attacked, and these tips will help you get ready.

As attacks become more complex, more damaging, and more frequent than ever, the quality of your response becomes critical to limiting the impact. In fact, a strong incident response (IR) function saves an average of $400,000 in damages per data breach, according to the Ponemon Institute, in research sponsored by IBM Resilient. 

The new Cyber Resilient Organization study by the Ponemon Institute showed security teams are striving to build stronger and more proactive incident IR programs — but clearly, they have some serious challenges. Two-thirds of IT and security professionals aren't confident in their organization's cyber resilience. And three-quarters of them don't have a cybersecurity IR plan in place that's applied consistently across their organization.

The study also suggested key guidance for increasing cyber resilience: improved planning and preparation. Successfully resolving and mitigating a cyberattack requires fast, intelligent, and decisive action. You need to have a plan in place to know what to do before an attack happens, and, as importantly, practice executing it.

When it comes to the plan, here are three things to include and tips on how to prepare before an attack occurs.

1. Identify and Involve Internal Collaborators
IR is an organization-wide priority, with many business units playing a critical role in successfully resolving an attack. Legal, HR, and finance teams must be involved to ensure compliance with regulations, and understand liabilities in case of a breach or when you're facing an insider attack. In the worst cases, the marketing department and the organization's executives may need to step in to address the media.

During an incident, security leaders should coordinate with these parties as needed, providing specific guidance on the nature of the incident, what's being asked of them, and when they need to act. For example, in the case of a ransomware attack, who makes the decision whether to pay the ransom or determine the business value of the data being ransomed?

Before an incident occurs, involve these groups in the IR planning process. Get their input early — and let them know what will be expected of them. It's also smart to include them in simulations and exercises, to ensure they're primed to act when needed.

2. Enable Investigation into the Full Scope of the Attack
This might seem like an obvious step, but in today's world of advanced persistent threats and targeted campaigns, truly understanding the extent of an attack can be difficult. 

The emergence of threat intelligence gives security teams a strong weapon in gaining context about incidents. By leveraging the indicators of compromise; tactics, techniques, and procedures; and other artifacts of an incident, analysts can discern if an attack is a singular incident or part of a larger campaign against you. Threat intelligence also helps you understand the identity of the adversary and their goal: Is the adversary a single attacker, part of an organized crime group, or a state actor? Is the target intellectual property, customer information, or employee information? By understanding these aspects of the attacks, you can more accurately determine the scope of your challenge and whom to involve.

3. Map Out the Regulatory Ramifications
The regulatory impact of a breach can be one of the costlier aspects of a successful attack. It's no surprise, but the Ponemon Cost of a Data Breach study showed that more heavily regulated industries,  including healthcare and finance, incurred higher data breach costs.

The challenge boils down to two factors: complex and inconsistent regulations, and tight deadlines. For any incident, it's important to get your legal team involved early, and provide team members with the details they need to make fast and accurate decisions.

Being prepared for this is going to be even more critical in the future. The EU's impending data breach law — the General Data Protection Regulation — is among the widest-sweeping global privacy regulations we've seen. It doesn't come into effect until 2018, but smart organizations are preparing, planning, and assessing their ability to comply today.

Incident response is the most human-centric security function,  more so than prevention and detection. Bringing people process and technology together as a cohesive whole when needed is critical.

By taking steps today to develop, practice, and refine IR processes, teams will be much better able to successfully manage and mitigate the damage when they inevitably occur.

Related Content:

John Bruce is a seasoned executive with a successful track record of building companies that deliver innovative customer solutions, particularly in security products and services. Previously chairman and CEO of Quickcomm, an Inc. 500 international company headquartered in New ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
NAOVI
50%
50%
NAOVI,
User Rank: Apprentice
1/31/2017 | 12:03:29 PM
Data breach article
Great post I will look out for more of your work. It's is great for a cleint we have. Cheers 
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/2/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9498
PUBLISHED: 2020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed...
CVE-2020-3282
PUBLISHED: 2020-07-02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
CVE-2020-5909
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
CVE-2020-5910
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
CVE-2020-5911
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.