informa
/
Slideshow

6 Questions to Ask Once You’ve Learned of a Breach

With GDPR enacted and the California Consumer Privacy Act on the near horizon, companies have to sharpen up their responses. Start by asking these six questions.
1. Did a breach actually take place?
2. How do we roll out our incident response plan?
3. How did the threat actor gain access to our IT environment?
4. Does the threat actor still have access to our IT environment?
5. What type of information did the threat actors steal?
6. What was the motive?
1/6

 

Companies don't have the luxury of waiting days and even weeks before they report a data breach to the public. Many global firms do business overseas and are subject to GDPR, and California's data privacy law goes into effect Jan. 1, 2020. There are other such measures on the way in India and Brazil.

All these new measures require that companies report a breach within 72 hours.

That means it's more important than ever for companies to know how to respond once they learn that they've been breached. The M-Trends 2019 report released by FireEye Mandiant found that 59% of breaches are self-detected, while 41% are reported to breached companies by external sources.

Charles Carmakal, strategic services CTO for FireEye Mandiant advises companies to start by validating that a breach took place and if you haven’t already, develop a comprehensive incident response plan.

"It's really important to know what the attack was and why the bad threat actors broke in," Carmakal says. "Do your due diligence and have this information because it will really help you from a legal perspective if the case gets turned over the law enforcement and there's an indictment."

While some companies have clear processes and procedures in place, many companies (especially SMBs) are not at all prepared to handle a breach. Start by asking the following six questions.

 
Next slide
Recommended Reading: