Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

4/24/2009
03:33 PM
John H. Sawyer
John H. Sawyer
Commentary
50%
50%

Taking Some Of The Sting Out Of Data Breaches

Anyone who has suffered a recent data breach involving regulatory or legislative data knows the investigation can be an excruciating process. The investigation is subject to time constraints as to how long it takes time to prepare and notify affected individuals. Statutes may apply to the company requiring customers to be notified within X number of days. And, of course, breaches never occur when it's convenient for the victim. So what can you do to streamline the investigative process and make

Anyone who has suffered a recent data breach involving regulatory or legislative data knows the investigation can be an excruciating process. The investigation is subject to time constraints as to how long it takes time to prepare and notify affected individuals. Statutes may apply to the company requiring customers to be notified within X number of days. And, of course, breaches never occur when it's convenient for the victim. So what can you do to streamline the investigative process and make it less painful?"Five Ways To Survive a Data Breach Investigation," by Bill Brenner, does a good job of covering some of the stages of response that can certainly help organizations get back on their feet. The highlights include designing your response plan to be quick, not touching anything, involving legal counsel, deciding whether the investigation should be loud or silent, and educating employees. Great advice, but I think there is a piece missing -- public relations.

Having a response plan built for speed should include a team made up of not only techies, but at least one person from general counsel and one from the PR group. The PR rep is there to help with the game plan on how to handle releasing the information to the public, writing the notification letters, and setting up scripts for the call center (which may be necessary to handle the inquiries from concerned customers/clients).

I also recommend that the team meet a couple of times a year to review and update the response plan to address changes in corporate policy, legislation, or regulations that impact what must be done if certain types of data are breached (like personal or health info). The response workflow needs to have all parties plugged in to be successful.

Definitely take a look at Bill's article, and see if your incident response plan includes those items and the PR aspect I mentioned above. If not, then you could be in for a world of hurt when it's your turn to be the victim of a breach.

John H. Sawyer is a senior security engineer on the IT Security Team at the University of Florida. The views and opinions expressed in this blog are his own and do not represent the views and opinions of the UF IT Security Team or the University of Florida. When John's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30481
PUBLISHED: 2021-04-10
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
CVE-2021-20020
PUBLISHED: 2021-04-10
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
CVE-2021-30480
PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
CVE-2021-21194
PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21195
PUBLISHED: 2021-04-09
Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.