How is that we can be so fascinated with data breaches, yet also miss one of the most basic fundamentals of handling them? Is it because there is nothing sexy about an incident response plan? Or maybe it’s just difficult to get excited about something for which there is no fancy appliance?
Time and again I have seen organizations of all sizes suffer data breaches that nearly put them out of business. However, in many of those cases it wasn't the loss of data that caused the most damage. It was their poor and often sluggish response that put them under the spotlight of a regulator (i.e. the FTC and others) or made them a target of a class-action lawsuit (too many to list).
In most of those cases, they could have completely avoided that negative attention (and costs) if they had an up-to-date incident response plan, were performing mock incident drills and executed the plan accordingly. Having a solid incident response plan can be the determining factor as whether you are leading your organization through an incident or being dragged through it.
-- Christopher Novak is a Managing Principal and a founding member of Verizon Business' Investigative Response Team. Mr. Novak is also a senior investigator and has more than 10 years of experience investigating both civil and criminal computer-based data breaches along with acting in a litigation support capacity. He continues to respond to high-profile cases on a global basis and works closely with local, state, federal, and foreign law enforcement agencies. He was an author of this year's Data Breach Investigations Report, is a frequent source in technology related media, and a regular speaker at industry conferences. He most recently spoke at the RSA Europe Conference (10/2009).