BreachExchange mailing list archives
Data breach: How to react in the crucial first 24 hours
From: Inga Goddijn <inga () riskbasedsecurity com>
Date: Wed, 28 Oct 2015 19:06:48 -0500
http://realbusiness.co.uk/article/32050-data-breach-how-to-react-in-the-crucial-first-24-hours

You’ve been hacked. Despite all of your preparation and investment your business has lost mission critical data, leaving your customer details and brand reputation at risk. What should you do in the first 24 hours?

While it’s clear no organisation is safe, that’s no excuse for not having a response plan in place. In this situation, you need to act quickly to not only meet various compliance regulations, but also to limit the scope of the damage caused by the breach.

In a recent report, Juniper Research predicted that the cost of data breaches will amount to £1.3tn by 2019, showing just how costly data breaches are becoming and the importance of having a contingency plan in place.

If a breach happened right now, would you be prepared? Would you know what to do and how to act? If the answer is no, then you need to create a robust, clear policy. This plan should be well-defined, concise and rehearsed. Much like a fire drill, all employees of your organisation should be aware of the procedures and how to act almost instinctively.

So, what does such a plan look like? While levels of urgency will depend on the severity and scale of the breach, here’s some advice for what you need to do in those crucial first 24 hours.

*Hours 1-2: Triage – Assess the situation*

When a patient is admitted to A&E, the first thing the doctor will do is determine the severity of the injury. This is the perfect analogy for what a business needs to do in the immediate wake of a breach.

Someone in the business with sufficient training should take a step back, assess the situation and classify it accordingly: Has a device been stolen? Has your server been hacked? Have you been hit by a denial of service attack?

Once the threat has been identified, this would be the time to enact automated controls. For instance, in the case of a stolen laptop, a company would activate any underlying embedded technology solution to either remotely delete the data, track the stolen device or cut the network connection.

*Hours 2-8: Legal and containment*

This is the stage where roles need to be assigned amongst your team. Once you have identified the severity of the breach, your legal team can advise on the best course of action.

Your company must also appoint somebody with sound communication skills and a thorough knowledge of the problem to interact with the relevant authorities (dependent on data regulations in your region).

You should also use this time to make sure that your automated controls have worked and confirm that the threat is contained.

*Hours 8-18: Analysis and investigation*

Documentation is everything, and you must make sure that you have all of the facts at hand. Depending on the type of data that has been compromised, your customers and the authorities will want the full picture.

Evidence has to be properly collected and logged; not only for these reasons but so that the root of the cause can be properly identified, and prevented from happening again.

Once established, you should ensure that you have several people in the organisation that can liaise with anyone who may be concerned about the breach, be that business partners, worried customers, or the press.

*The first 24 hours is just the beginning. Find out what steps you need to take following the breach, such as how to issue breach notifications to your customers and how to educate your staff to prevent another breach. Continue reading on page two.*
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/