BreachExchange mailing list archives

Key Rules for Handling a Cyber Attack


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 17 Mar 2015 19:52:21 -0600

http://www.lawfuel.com/cyber-attack

The growth in cyber attacks upon companies, highlighted by the problems
Sony Pictures recently experienced, has also heightened the need for more
education about what companies need to do in order to keep themselves
‘cyberattack-safe’.

Australian law firm Wootton & Kearney has indicated that 2015 could provide
a boom year for hackers and those who mount these destructive attacks,
releasing information on what companies should do after a data breach has
occurred.

While you may be adept at selling cyber insurance coverage, do you know
what to do in the event of a hack on your own systems as well as those of
your clients?

Wootton & Kearney partner, Patrick Boardman, stressed that 2015 could be a
major year of online disruption.

“Since the start of 2015 there have been 2 serious hacking attacks in the
US and Australia. It is currently understood that up to 80 million records
held by the US health insurer, Anthem, and up to 770,000 records held by
Australian travel insurer, Aussie Travel Cover, were compromised in the
attacks.

“If these hacking attacks are an early indication of the things to come,
2015 could be a very bad year for mass data breaches around the world and
in Australia.”

In a four step guide for all industries, Boardman revealed the key things
that companies that have suffered a data breach must do in the aftermath:

1) Contain the breach
Boardman stressed that once an attack has been detected, it is “vital” that
it be contained.

“The appropriate response to the breach will depend on the nature of the
attack and the data that has been compromised, which may include shutting
down any affected servers or accounts.”

Businesses that have come under attack should conduct a preliminary
assessment of the attack and then take the steps necessary to limit the
breach and find out what data has actually been compromised.

2) Understand the breach
In the early stages of any cyber attack it is important to understand what
data has actually been compromised and the scale of the breach you have
been subjected to.

Boardman stressed that it is also integral to find the cause of the data
breach and to establish what damage the breach could have caused to those
whose data has been accessed.

“The information gathered will impact on how the company deals with the
attack.

“If the attack has only compromised a limited number of encrypted files the
response will differ considerably from an attack that has compromised a
large number of unencrypted documents that can: facilitate identity theft,
cause direct or indirect financial loss, or cause serious reputational
damage,” Boardman writes.

3) Notify third parties
One aspect of Australian, and indeed global, privacy law that could be
subject to change concerns the decision to notify those involved in the
hack. As Boardman stresses: “…There are no mandatory notification
requirements, but each case should be considered on its own merit.”

Boardman recommends letting third parties know if there is a serious risk
of physical, psychological or financial harm, and a serious reputational
risk for the company.

Notification is also recommended if the failure to notify could lead to
“separate causes of action against the company for breach of conduct,
negligence, or breach of statutory or fiduciary duty.”

Boardman also recommends consulting with legal counsel before any
notification is made, to ensure that the notification covers the necessary
topics.

“Due to the likely criminal nature of the attack, the breach should be
reported to the Federal Police. If the breach is extensive it may also be
appropriate to notify the Australian Information Commissioner (OAIC). In
some circumstances OAIC may be able to provide further guidance and
assistance to the affected company and 3rd parties.”

4) Review
The final step is also one of the most important: companies should look at
what went wrong that allowed the breach and how to prevent similar breaches
in future.

“Once immediate action has been taken to stop the breach, the company
should fully investigate the attack with the view of preventing similar
future breaches.

“The affected company should also create or update its breach response plan
by drawing on the lessons learnt from the attack.”
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/