SIDEBAR: How to clean up after a breach

The steps below come from a senior executive at a Fortune 100 financial institution, who prefers to remain anonymous. He was asked what he would do if he were asked to clean up after a LinkedIn-scale breach.

Keep in mind that the financial industry has many more regulations in place than most sectors, but his advice applies broadly.

–Realize that it’s important to understand the breach in detail. The goal is to figure out exactly why it happened and how to prevent it, not to assign blame.
–Interview all stakeholders (network, security, system and business) to understand the root causes better.
–Fix the problem, obviously, but move beyond tactical decisions to form a strategic security plan for the future.
–Communicate the situation clearly to end users. Then, develop a plan for ongoing training.
–Embrace stronger credential storage and encryption practices, including migration to SHA-512 with salting.
–Migrate to multi-factor authentication for B2B applications and internal users.
–For consumer-facing applications and guests or partners, consider offering enhanced account protections, such as notifying consumers if their account has been accessed from an unusual IP address or an unknown device.
–Review and build better network zoning, including upgraded firewalls, IPSs, routers, etc.
–Enhance the software development lifecycle. This includes practices like periodic internal and external audits and security reviews, as well as ongoing monitoring and detection of unusual patterns.
–Share your experiences and help standards bodies develop standards for authentication, identity enforcement, digital signatures and so on.
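The credential-storage step above (per-user salt plus SHA-512) is the one item on the list that maps directly onto code, so here is an added example that is not from the article or the executive interviewed. It shows salted SHA-512 as described, a constant-time verification routine, and, as the stronger variant a practitioner would reach for today, PBKDF2-HMAC-SHA512 (a deliberately slow derivation that multiplies the cost of every offline guess). The `migrate_on_login` helper shows how a site can move legacy records to the slow scheme transparently the next time each user authenticates. The salt length and iteration count are assumed values, not figures from the article.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters (not from the article): 16-byte random salt per user,
# and a PBKDF2 iteration count in the range current guidance recommends.
SALT_BYTES = 16
PBKDF2_ITERATIONS = 210_000


def hash_password_sha512(password: str, salt: Optional[bytes] = None) -> dict:
    """Salted SHA-512 as the article describes: a fresh random salt per user,
    stored beside the digest so the same computation can be repeated at login.
    Two users with the same password get different records because their salts differ."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.sha512(salt + password.encode("utf-8")).hexdigest()
    return {"alg": "sha512", "salt": salt.hex(), "hash": digest}


def hash_password_pbkdf2(password: str, salt: Optional[bytes] = None,
                         iterations: int = PBKDF2_ITERATIONS) -> dict:
    """Slow variant: PBKDF2-HMAC-SHA512. Same salt handling, but each
    candidate password costs `iterations` HMAC rounds rather than one hash,
    which is what actually slows an offline attack on a leaked table."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations)
    return {"alg": "pbkdf2-sha512", "salt": salt.hex(),
            "iter": iterations, "hash": digest.hex()}


def verify_password(password: str, record: dict) -> bool:
    """Recompute using the scheme named in the stored record and compare in
    constant time so the comparison itself leaks nothing about the digest."""
    salt = bytes.fromhex(record["salt"])
    if record["alg"] == "sha512":
        candidate = hash_password_sha512(password, salt)["hash"]
    elif record["alg"] == "pbkdf2-sha512":
        candidate = hash_password_pbkdf2(password, salt, record["iter"])["hash"]
    else:
        return False  # unknown scheme: fail closed
    return hmac.compare_digest(candidate, record["hash"])


def migrate_on_login(password: str, record: dict) -> dict:
    """Transparent upgrade path: a user who authenticates against a legacy
    salted-SHA-512 record is re-hashed with PBKDF2 and the new record returned
    for storage. Records already on the slow scheme are returned unchanged."""
    if not verify_password(password, record):
        raise ValueError("authentication failed")
    if record["alg"] == "sha512":
        return hash_password_pbkdf2(password)
    return record


if __name__ == "__main__":
    # Constructed sample: two users who happen to share a password.
    alice = hash_password_sha512("correct horse battery staple")
    bob = hash_password_sha512("correct horse battery staple")
    print("same password, different salted hashes:", alice["hash"] != bob["hash"])
    print("verify correct:", verify_password("correct horse battery staple", alice))
    print("verify wrong:", verify_password("wrong", alice))
    upgraded = migrate_on_login("correct horse battery staple", alice)
    print("migrated scheme:", upgraded["alg"])
```

The record dictionaries carry the scheme name and parameters alongside the digest, which is what makes the in-place migration possible: the verifier can always tell which computation to repeat, and a later move to another scheme is just one more branch in `verify_password`.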
