Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Advanced Threats

1/31/2017
10:30 AM
John Bruce
John Bruce
Commentary
Connect Directly
LinkedIn
Twitter
RSS
E-Mail vvv
50%
50%

3 Things Companies Must Do Before A Data Breach

It's important to plan ahead for when you're attacked, and these tips will help you get ready.

As attacks become more complex, more damaging, and more frequent than ever, the quality of your response becomes critical to limiting the impact. In fact, a strong incident response (IR) function saves an average of $400,000 in damages per data breach, according to the Ponemon Institute, in research sponsored by IBM Resilient. 

The new Cyber Resilient Organization study by the Ponemon Institute showed security teams are striving to build stronger and more proactive incident IR programs — but clearly, they have some serious challenges. Two-thirds of IT and security professionals aren't confident in their organization's cyber resilience. And three-quarters of them don't have a cybersecurity IR plan in place that's applied consistently across their organization.

The study also suggested key guidance for increasing cyber resilience: improved planning and preparation. Successfully resolving and mitigating a cyberattack requires fast, intelligent, and decisive action. You need to have a plan in place to know what to do before an attack happens, and, as importantly, practice executing it.

When it comes to the plan, here are three things to include and tips on how to prepare before an attack occurs.

1. Identify and Involve Internal Collaborators
IR is an organization-wide priority, with many business units playing a critical role in successfully resolving an attack. Legal, HR, and finance teams must be involved to ensure compliance with regulations, and understand liabilities in case of a breach or when you're facing an insider attack. In the worst cases, the marketing department and the organization's executives may need to step in to address the media.

During an incident, security leaders should coordinate with these parties as needed, providing specific guidance on the nature of the incident, what's being asked of them, and when they need to act. For example, in the case of a ransomware attack, who makes the decision whether to pay the ransom or determine the business value of the data being ransomed?

Before an incident occurs, involve these groups in the IR planning process. Get their input early — and let them know what will be expected of them. It's also smart to include them in simulations and exercises, to ensure they're primed to act when needed.

2. Enable Investigation into the Full Scope of the Attack
This might seem like an obvious step, but in today's world of advanced persistent threats and targeted campaigns, truly understanding the extent of an attack can be difficult. 

The emergence of threat intelligence gives security teams a strong weapon in gaining context about incidents. By leveraging the indicators of compromise; tactics, techniques, and procedures; and other artifacts of an incident, analysts can discern if an attack is a singular incident or part of a larger campaign against you. Threat intelligence also helps you understand the identity of the adversary and their goal: Is the adversary a single attacker, part of an organized crime group, or a state actor? Is the target intellectual property, customer information, or employee information? By understanding these aspects of the attacks, you can more accurately determine the scope of your challenge and whom to involve.

3. Map Out the Regulatory Ramifications
The regulatory impact of a breach can be one of the costlier aspects of a successful attack. It's no surprise, but the Ponemon Cost of a Data Breach study showed that more heavily regulated industries,  including healthcare and finance, incurred higher data breach costs.

The challenge boils down to two factors: complex and inconsistent regulations, and tight deadlines. For any incident, it's important to get your legal team involved early, and provide team members with the details they need to make fast and accurate decisions.

Being prepared for this is going to be even more critical in the future. The EU's impending data breach law — the General Data Protection Regulation — is among the widest-sweeping global privacy regulations we've seen. It doesn't come into effect until 2018, but smart organizations are preparing, planning, and assessing their ability to comply today.

Incident response is the most human-centric security function,  more so than prevention and detection. Bringing people process and technology together as a cohesive whole when needed is critical.

By taking steps today to develop, practice, and refine IR processes, teams will be much better able to successfully manage and mitigate the damage when they inevitably occur.

Related Content:

John Bruce is a seasoned executive with a successful track record of building companies that deliver innovative customer solutions, particularly in security products and services. Previously chairman and CEO of Quickcomm, an Inc. 500 international company headquartered in New ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
NAOVI
50%
50%
NAOVI,
User Rank: Apprentice
1/31/2017 | 12:03:29 PM
Data breach article
Great post I will look out for more of your work. It's is great for a cleint we have. Cheers 
HackerOne Drops Mobile Voting App Vendor Voatz
Dark Reading Staff 3/30/2020
Limited-Time Free Offers to Secure the Enterprise Amid COVID-19
Curtis Franklin Jr., Senior Editor at Dark Reading,  3/31/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11527
PUBLISHED: 2020-04-04
In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files.
CVE-2020-11528
PUBLISHED: 2020-04-04
bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte write) in conv_bitmap in bit2spr.c via a long line in a bitmap file.
CVE-2020-11518
PUBLISHED: 2020-04-04
Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution.
CVE-2020-5347
PUBLISHED: 2020-04-04
Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses.
CVE-2020-5348
PUBLISHED: 2020-04-04
Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in system management mode.