Dark Reading

Experian Data Breach Resolution Reveals Five Common Mistakes Made When Handling A Breach

In recognition of National Cyber Security Awareness Month, the list identifies missteps that may put organizations at greater risk for reputational, financial, and legal damage

COSTA MESA, Calif., Sept. 30, 2013 /PRNewswire/ -- A data breach is an issue that can affect any organization and National Cyber Security Awareness Month is an opportune time for organizations to start to prepare for an incident or enhance their current response plan. With experience handling thousands of breaches, Experian Data Breach Resolution is observing the commemorative month by providing key insight into how to overcome common mistakes companies experience when handling a data breach.

"While there has been great progress among businesses and institutions in data breach prevention, breaches can still occur and it's important to execute the right steps after an incident," said Michael Bruemmer, vice president at Experian Data Breach Resolution. "Being properly prepared doesn't stop with having a response plan. Organizations need to practice the plan and ensure it will result in smooth execution that mitigates the negative consequences of a data breach."

Those possible outcomes can include a loss of customers, regulatory fines and class-action lawsuits. Studies show that a majority of organizations had or expect to have a data breach that results in the loss of customers and business partners, and more than 65% of companies have or believe they will suffer serious financial consequences as a result of an incident[1]. Among companies that had breaches, the average cost reported of incidents was $9.4 million in the last 24 months. These costs are only a fraction of the average maximum financial exposure of $163 million that the companies surveyed (breached or not) believe they could suffer due to cyber incidents[2].

Experian Data Breach Resolution will present on this topic at The International Association of Privacy Professionals (IAPP) Privacy Academy held in Bellevue, Seattle, on Oct. 1 at the conference session titled, "Managing the Top Five Complications in Resolving a Data Breach." Those not in attendance can view the presentation through a live stream at http://www.ustream.tv/experiandbr and pose questions to the panelists in real time via Twitter using the hashtags #databreach and #iapp.

According to Bruemmer, three of the most common mistakes include:

-- No engagement with outside counsel -- Enlisting an outside attorney is highly recommended. No single federal law or regulation governs the security of all types of sensitive personal information. As a result, determining which federal law, regulation or guidance is applicable depends, in part, on the entity or sector that collected the information and the type of information collected and regulated. Unless internal resources are knowledgeable with all current laws and legislations, it is best to engage legal counsel with expertise in data breaches to help navigate through this challenging landscape.

-- No external agencies secured -- All external partners should be in place prior to a data breach so they can be called upon immediately when a breach occurs. The process of selecting the right partner can take time as there are different levels of service and various solutions to consider. Plus, it is important to think about the integrity and security standards of a vendor before aligning the company brand with it. Not having a forensic expert or resolution agency already identified will delay the data breach response process.

-- No single decision maker -- While there are several parties within an organization that should be on a data breach response team, every team needs a leader. Determine who will be the driver of the response plan and primary contact to all external partners. Also, outline a structure of internal reporting to ensure executives and everyone on the response team is up to date and on track during a data breach.

Depending on the industry, additional oversights may involve securing proper cyber insurance and following the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH). The complete list and tips to overcome these issues will be addressed by Bruemmer at the IAPP Privacy Academy presentation.

For the Experian Data Breach Resolution schedule of presentations, visit http://www.experian.com/data-breach/events.html.

Additional data breach resources, including Webinars, white papers and videos, can be found at http://www.experian.com/databreach.

Read Experian's blog at http://www.experian.com/dbblog.

About Experian Data Breach Resolution

Experian® is a leader in the data breach resolution industry and one of the first companies to develop products and services that address this critical issue. As an innovator in the field, Experian has a long-standing history of providing swift and effective data breach resolution for thousands of organizations, having serviced millions of affected consumers. For more information on the Experian Data Breach Resolution division at ConsumerInfo.com, Inc. and how it enables organizations to plan for and successfully mitigate data breach incidents, visit http://www.experian.com/databreach.

About Experian

Experian is the leading global information services company, providing data and analytical tools to clients around the world. The Group helps businesses to manage credit risk, prevent fraud, target marketing offers and automate decision making. Experian also helps individuals to check their credit report and credit score, and protect against identity theft.

Experian plc is listed on the London Stock Exchange (EXPN) and is a constituent of the FTSE 100 index. Total revenue for the year ended March 31, 2013 was US$4.7 billion. Experian employs approximately 17,000 people in 40 countries and has its corporate headquarters in Dublin, Ireland, with operational headquarters in Nottingham, UK; California, US; and Sao Paulo, Brazil.

For more information, visit http://www.experianplc.com.

Peter Fretty
User Rank: Moderator
10/4/2013 | 6:43:43 PM
re: Experian Data Breach Resolution Reveals Five Common Mistakes Made When Handling A Breach
It's always baffling when reading the significant number of breaches that are not identified by the victim but a third party. One would hope it would serve as an eye opener that it's time for action. Businesses need to embrace solid multifaceted strategies that not only include tools (i.e. next gen firewalls), but also an education platform.

When specifically looking at breaches, it's time to move beyond simply relying on antivirus signatures and look at layers of detection that stop threats at different stages of their execution. We need to make sure protection also looks at risky user behavior too, not just for malicious code.

Peter Fretty, IDG blogger working on behalf of Sophos