Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Advanced Threats

1/31/2017
10:30 AM
John Bruce
John Bruce
Commentary
Connect Directly
LinkedIn
Twitter
RSS
E-Mail vvv
50%
50%

3 Things Companies Must Do Before A Data Breach

It's important to plan ahead for when you're attacked, and these tips will help you get ready.

As attacks become more complex, more damaging, and more frequent than ever, the quality of your response becomes critical to limiting the impact. In fact, a strong incident response (IR) function saves an average of $400,000 in damages per data breach, according to the Ponemon Institute, in research sponsored by IBM Resilient. 

The new Cyber Resilient Organization study by the Ponemon Institute showed security teams are striving to build stronger and more proactive incident IR programs — but clearly, they have some serious challenges. Two-thirds of IT and security professionals aren't confident in their organization's cyber resilience. And three-quarters of them don't have a cybersecurity IR plan in place that's applied consistently across their organization.

The study also suggested key guidance for increasing cyber resilience: improved planning and preparation. Successfully resolving and mitigating a cyberattack requires fast, intelligent, and decisive action. You need to have a plan in place to know what to do before an attack happens, and, as importantly, practice executing it.

When it comes to the plan, here are three things to include and tips on how to prepare before an attack occurs.

1. Identify and Involve Internal Collaborators
IR is an organization-wide priority, with many business units playing a critical role in successfully resolving an attack. Legal, HR, and finance teams must be involved to ensure compliance with regulations, and understand liabilities in case of a breach or when you're facing an insider attack. In the worst cases, the marketing department and the organization's executives may need to step in to address the media.

During an incident, security leaders should coordinate with these parties as needed, providing specific guidance on the nature of the incident, what's being asked of them, and when they need to act. For example, in the case of a ransomware attack, who makes the decision whether to pay the ransom or determine the business value of the data being ransomed?

Before an incident occurs, involve these groups in the IR planning process. Get their input early — and let them know what will be expected of them. It's also smart to include them in simulations and exercises, to ensure they're primed to act when needed.

2. Enable Investigation into the Full Scope of the Attack
This might seem like an obvious step, but in today's world of advanced persistent threats and targeted campaigns, truly understanding the extent of an attack can be difficult. 

The emergence of threat intelligence gives security teams a strong weapon in gaining context about incidents. By leveraging the indicators of compromise; tactics, techniques, and procedures; and other artifacts of an incident, analysts can discern if an attack is a singular incident or part of a larger campaign against you. Threat intelligence also helps you understand the identity of the adversary and their goal: Is the adversary a single attacker, part of an organized crime group, or a state actor? Is the target intellectual property, customer information, or employee information? By understanding these aspects of the attacks, you can more accurately determine the scope of your challenge and whom to involve.

3. Map Out the Regulatory Ramifications
The regulatory impact of a breach can be one of the costlier aspects of a successful attack. It's no surprise, but the Ponemon Cost of a Data Breach study showed that more heavily regulated industries,  including healthcare and finance, incurred higher data breach costs.

The challenge boils down to two factors: complex and inconsistent regulations, and tight deadlines. For any incident, it's important to get your legal team involved early, and provide team members with the details they need to make fast and accurate decisions.

Being prepared for this is going to be even more critical in the future. The EU's impending data breach law — the General Data Protection Regulation — is among the widest-sweeping global privacy regulations we've seen. It doesn't come into effect until 2018, but smart organizations are preparing, planning, and assessing their ability to comply today.

Incident response is the most human-centric security function,  more so than prevention and detection. Bringing people process and technology together as a cohesive whole when needed is critical.

By taking steps today to develop, practice, and refine IR processes, teams will be much better able to successfully manage and mitigate the damage when they inevitably occur.

Related Content:

John Bruce is a seasoned executive with a successful track record of building companies that deliver innovative customer solutions, particularly in security products and services. Previously chairman and CEO of Quickcomm, an Inc. 500 international company headquartered in New ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
NAOVI
50%
50%
NAOVI,
User Rank: Apprentice
1/31/2017 | 12:03:29 PM
Data breach article
Great post I will look out for more of your work. It's is great for a cleint we have. Cheers 
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Inside North Korea's Rapid Evolution to Cyber Superpower
Kelly Sheridan, Staff Editor, Dark Reading,  12/1/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27409
PUBLISHED: 2020-12-04
OpenSIS Community Edition before 7.5 is affected by a cross-site scripting (XSS) vulnerability in SideForStudent.php via the modname parameter.
CVE-2020-27408
PUBLISHED: 2020-12-04
OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users.
CVE-2020-27765
PUBLISHED: 2020-12-04
A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause ot...
CVE-2020-27766
PUBLISHED: 2020-12-04
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long`. This would most likely lead to an impact to application availability, b...
CVE-2020-27767
PUBLISHED: 2020-12-04
A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types `float` and `unsigned char`. This would most likely lead to an impact to application avai...