The steps below come from a senior executive at a Fortune 100 financial institution, who prefers to remain anonymous. CIO.com asked him what he would do if he were asked to clean up after a LinkedIn-scale breach.
Keep in mind that the financial industry has many more regulations in place than most sectors, but his advice applies broadly.
--Realize that it's important to understand the breach in detail. The goal is to figure out exactly why it happened and how to prevent it, not to assign blame.
--Interview all stakeholders (network, security, system and business) to understand the root causes better.
--Fix the problem, obviously, but move beyond tactical decisions to form a strategic security plan for the future.
--Communicate the situation clearly to end users. Then, develop a plan for ongoing training.
--Embrace stronger credential storage and encryption practices, including migration to SHA-512 with salting.
--Migrate to multi-factor authentication for B2B applications and internal users.
--For consumer-facing applications and guests or partners, consider offering enhanced account protections, such as notifying consumers if their account has been accessed from an unusual IP address or an unknown device.
--Review and build better network zoning, including upgraded firewalls, IPSs, routers, etc.
--Enhance the software development lifecycle. This includes practices like periodic internal and external audits and security reviews, as well as ongoing monitoring and detection of unusual patterns.
--Share your experiences and help standards bodies develop standards for authentication, identity enforcement, digital signatures and so on.
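The credential-storage item above names salted SHA-512. The following is an added example, written for this page and not code from CIO.com or the executive quoted, showing what "salting" buys and how a migration to a stronger scheme can happen on the user's next login. It uses only the Python standard library; the storage-string format (`scheme$salt$digest`) and the iteration count are assumptions made for the example. The plain salted SHA-512 variant is the construction the article names; the PBKDF2-HMAC-SHA512 variant is the same primitive applied in an iterated, deliberately slow form, which is what a practitioner would use for password storage today.

```python
import hashlib
import hmac
import os
from typing import Optional

# Parameters chosen for this example (assumptions, not values from the article).
SALT_BYTES = 16
PBKDF2_ITERATIONS = 600_000


def hash_password_salted_sha512(password: str, salt: Optional[bytes] = None) -> str:
    """Plain salted SHA-512, the construction the article names.

    A fresh random salt per account means two users with the same password
    get different digests and precomputed (rainbow) tables are useless.
    """
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = hashlib.sha512(salt + password.encode("utf-8")).hexdigest()
    return f"sha512${salt.hex()}${digest}"


def hash_password_pbkdf2(password: str, salt: Optional[bytes] = None,
                         iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted, iterated SHA-512 via PBKDF2-HMAC.

    Same hash function, but every guess costs `iterations` rounds, which is
    the brute-force resistance a single SHA-512 call does not provide.
    """
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha512${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest from the stored salt and compare in constant time."""
    scheme, *rest = stored.split("$")
    if scheme == "sha512" and len(rest) == 2:
        salt_hex, _ = rest
        candidate = hash_password_salted_sha512(password, bytes.fromhex(salt_hex))
    elif scheme == "pbkdf2_sha512" and len(rest) == 3:
        iterations, salt_hex, _ = rest
        candidate = hash_password_pbkdf2(password, bytes.fromhex(salt_hex), int(iterations))
    else:
        return False  # unknown or malformed record: never accept it
    # hmac.compare_digest avoids leaking where the comparison diverged.
    return hmac.compare_digest(candidate, stored)


def needs_rehash(stored: str) -> bool:
    """True when a record is still in the weaker plain-salted form.

    Call after a successful verify: the plaintext is available at that moment,
    so the account can be migrated to PBKDF2 without a password reset.
    """
    return stored.split("$", 1)[0] != "pbkdf2_sha512"


def login(password: str, stored: str) -> Optional[str]:
    """Return the record to store (possibly upgraded) on success, None on failure."""
    if not verify_password(password, stored):
        return None
    return hash_password_pbkdf2(password) if needs_rehash(stored) else stored
```

The `login` helper shows the migration path the article alludes to: existing salted-SHA-512 records keep working, and each account is transparently rewritten to the iterated scheme the first time its owner authenticates.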
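The consumer-protection item above suggests notifying account holders when a login arrives from an unusual IP address or an unknown device. The block below is an added example, not code from the article or the quoted executive, of the detection logic behind such a notice, run over a handful of constructed login events. The event fields, the per-account profile store, the choice to treat an account's first successful login as enrollment rather than an alert, and the decision to compare IPv4 addresses at /24 (IPv6 at /64) granularity are all assumptions made for the example; the addresses are RFC 5737/3849 documentation ranges, not real traffic.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class AccountProfile:
    """What the service remembers about an account (in-memory store for the example)."""
    known_devices: Set[str] = field(default_factory=set)
    known_networks: Set[str] = field(default_factory=set)


def ip_network_key(ip: str) -> str:
    """Collapse an address to its /24 (IPv4) or /64 (IPv6) network.

    Address churn inside one home or office network then does not produce a
    fresh notice on every login, while a genuinely different network still does.
    """
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 64
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def evaluate_login(profile: AccountProfile, ip: str, device_id: str) -> List[str]:
    """Return the reasons a login looks unusual for this account; [] means familiar."""
    reasons = []
    if ip_network_key(ip) not in profile.known_networks:
        reasons.append("unusual_ip")
    if device_id not in profile.known_devices:
        reasons.append("unknown_device")
    return reasons


def process_logins(events: List[dict], profiles: Dict[str, AccountProfile]) -> List[dict]:
    """Walk successful logins, emit a notification record for each anomaly,
    then learn the network and device so the same combination is not re-flagged."""
    notices = []
    for ev in events:
        if ev["result"] != "success":
            continue  # failed attempts belong to a different control (lockout/brute-force)
        prof = profiles.setdefault(ev["user"], AccountProfile())
        # Assumption: an account with no history is being enrolled, not attacked.
        first_seen = not prof.known_devices and not prof.known_networks
        reasons = [] if first_seen else evaluate_login(prof, ev["ip"], ev["device"])
        if reasons:
            notices.append({"user": ev["user"], "ip": ev["ip"],
                            "device": ev["device"], "reasons": reasons})
        prof.known_networks.add(ip_network_key(ev["ip"]))
        prof.known_devices.add(ev["device"])
    return notices


# Constructed sample events for the example (documentation-range addresses only).
SAMPLE_EVENTS = [
    {"user": "alice", "ip": "203.0.113.10", "device": "dev-A", "result": "success"},  # enrollment
    {"user": "alice", "ip": "203.0.113.77", "device": "dev-A", "result": "success"},  # same /24
    {"user": "alice", "ip": "198.51.100.5", "device": "dev-A", "result": "success"},  # new network
    {"user": "alice", "ip": "198.51.100.5", "device": "dev-B", "result": "failure"},  # ignored
    {"user": "alice", "ip": "198.51.100.5", "device": "dev-B", "result": "success"},  # new device
    {"user": "bob",   "ip": "2001:db8::1",  "device": "dev-C", "result": "success"},  # enrollment
]


if __name__ == "__main__":
    for notice in process_logins(SAMPLE_EVENTS, {}):
        print(f"notify {notice['user']}: {', '.join(notice['reasons'])} "
              f"(ip={notice['ip']}, device={notice['device']})")
```

Run stand-alone, the script emits two notices for `alice` (one for the new network, one for the new device) and none for the enrollment logins or the failed attempt. In a real deployment the `known_*` sets would be persisted per account and the notice would feed the user-facing message and the security team's monitoring, which is the "ongoing monitoring and detection of unusual patterns" the article also lists.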