Data Breaches Are A Matter of When, Not If. So What Do You Do?

Description:

Data security is one of the most important priorities for businesses around the world. However, just as a physical security system can only deter thieves, cybersecurity solutions and measures can only deter, not necessarily prevent, an attack. No set of security measures is completely proof against a breach, so data breaches are a matter of when, not if. Most businesses are vulnerable to a breach and are expected to be prepared for such an event to ensure business preservation and continuity. Recent examples such as the Equifax breach, Russian hacking of the US grid and Iranian hackers targeting 300+ universities in the US and abroad certainly add to the urgency for a post-breach plan.

Slides: 4
Provided by: Companyseceon

Transcript and Presenter's Notes

1
Data Breaches Are A Matter of When, Not If. So What Do You Do? - Seceon, +1 (978)-923-0040, info_at_seceon.com

Data Breaches Are A Matter of When, Not If. So What Do You Do? by Pushpendra Mishra

Data security is one of the most important priorities for businesses around the world. However, just as a physical security system can only deter thieves, cybersecurity solutions and measures can only deter, not necessarily prevent, an attack. No set of security measures is completely proof against a breach, so data breaches are a matter of when, not if. Most businesses are vulnerable to a breach and are expected to be prepared for such an event to ensure business preservation and continuity. Recent examples such as the Equifax breach, Russian hacking of the US grid and Iranian hackers targeting 300+ universities in the US and abroad certainly add to the urgency for a post-breach plan.

Smit Kadakia, Chief Data Scientist and Co-founder of Seceon (also a machine learning expert), and I were recently chatting about what organizations must do, not only to protect themselves but also to have a well laid-out plan of action should they get breached. According to Smit, "It is prudent for an enterprise to put together a well-marinated action plan with minimal impact to the organization's employees, customers and partners," and suggested a five-step approach that businesses today must perform post-breach to minimize risk and for responsible handling and reporting.
2
Actions that a business must perform post-breach for responsible handling and reporting

First and foremost, the highest priority datasets and their specific content must be identified at the same time as implementing any cybersecurity measures, and this should not be an afterthought once the breach has occurred. Assessing the damage will entail working through all of your important data assets in order of priority. The stakeholders must be apprised of the breach and should be continually updated on the findings. Also, some stakeholders must have a plan for internal communication as well as external communication, as required.

Second, the containment must be done swiftly and in parallel with the damage assessment and stakeholder communication. The time elapsed between the attack and the containment is crucial to the amount of damage a business will incur, so the containment should preferably be in or near real-time. Some of the methods of containment include moving the infected assets to a quarantine area, halting the backup process to minimize the spreading of the infection, blocking the external attacker or disabling the credentials of an attacker. Networking devices, endpoint security tools or an authentication service can help accomplish such containment. However, a unified security solution that can manage all of these disparate artifacts will speed up the containment and be more effective.

Once the breach is detected, recording the details is absolutely necessary to manage post-breach and post-containment fallout. It is highly recommended to maintain encrypted records of your security postures off-site so that these are not themselves compromised. The records must include details such as the specific actions taken to isolate the effect of the breach on valuable data, the specific impact, the time of the breach, the duration of the breach, the effectiveness of the containment, the communication employed and the audience feedback. These details will help not only in presenting to stakeholders, customers and regulatory authorities but also in performing retrospection for improved future preparation.

Third, business continuity is of paramount importance and can be achieved through means such as failover infrastructure architecture, disaster recovery sites, off-site back-up/restore methods, application of a patch, etc. Typically, contemporary hybrid and cloud infrastructures allow almost instantaneous switchover to a different and unaffected location for accessing critical data while the breach is being investigated and addressed. Preparation must include detailing the steps and assigning responsibilities to ensure a smooth transition. The goal is to ensure that the mitigation for future attack prevention is handled with a good balance between the short-term quick band-aid and the long-term exposure to the business.

Fourth, most industries have to comply with their specific regulatory authorities. For example, businesses dealing with patient data in the US must comply with HIPAA regulations. Maintaining continuous compliance with these regulations and archiving audit records will minimize the effects of the damage. Also, the plan must include designated responsibility for law enforcement reporting. Law enforcement activities should be recorded and reported to preserve the image of the business. Compliance with regulations such as GDPR requires reporting, and records of such reporting, to stay compliant.

Fifth, one of the key objectives of post-breach operations is to mitigate the risk. The 2018 Cost of Data Breach Study conducted by Ponemon Institute states, "The average time to identify a data breach in the study was 197 days, and the average time to contain a data breach once identified was 69 days." The risk associated with the breach is directly related to the time to identify the breach. The best security protection can only be achieved by a solution and staff that strive for near real-time threat detection and containment.

Customers must be completely on board with the security readiness. The readiness must encompass both prevention of attacks and post-breach management. Customer communication must include full transparency and integrity of their data security and also set the expectations, should the breach happen, and also minimize surprises during the post-
3
In conclusion, security operations should be akin to a management system and, in that respect, automation to detect and respond quickly will play a very important role. Such a solution will give a business a good chance of effectively managing post-breach scenarios. Thus, a wide variety of tools is not necessarily the answer. A more comprehensive solution, good preparation and goal-oriented security management will likely be a much more effective approach.
Address - 238 Littleton Road Suite 206 Westford, MA 01886
Phone no - +1 (978)-923-0040
Email Id - sales_at_seceon.com
Website - https://www.seceon.com/