There’s no escape, and you can be assured that it will occur if it hasn’t already! I’m talking about data breaches. Not a single day passes without news of a data breach incident. But how do you deal with all these security intrusions? I’ll cover data breaches from two angles: preventive actions and corrective actions.
Facts and stats
Not all organizations are equally at risk. A study showed that the information and professional services industry is the most at risk, accounting for a third of data breach incidents. Financial services companies follow closely. If your organization falls under these categories, the stats alone make it safe to say that security should be your top priority. In the U.S., 22 percent of companies acknowledged having been exposed to a data breach.
In its 2015 Cost of Data Breach Study, IBM and the Ponemon Institute reported on the consequences of a data breach for the 21 Canadian companies that participated. The report revealed that:
- $5.32 million is the average total cost of data breach
- $250 is the average cost per lost or stolen record
- 52% of data breaches involved malicious or criminal attacks
As the rate of data breach incidents rises, more than two-thirds of recorded incidents have involved phishing.
The impact of incidents and cost of damage
No doubt, data breaches carry both a financial cost and a cost in goodwill. As breaches increase, the cost is measured both in dollars and in damage to brands. For example, as per its 2014 Q4 earnings report, it will cost Target $162 million to recover from its data breach incident. Another survey revealed that reputation and brand protection ranked highest, at 47 percent, while 39 percent ranked legal costs and regulatory fines as a high priority.
You have to make your best effort to prevent a data breach. But how do you prevent a data breach from ever occurring, and is that even possible? This is the domain of cyber-security: the process of applying security measures to ensure the confidentiality, integrity, and availability of data.
It all starts with data classification. No preventive measure will prove effective unless you start by identifying confidential or sensitive information. Data classification is key to any preventive measure that relies on dedicated data loss prevention (DLP) solutions to cover data in use, in motion, and at rest.
While DLP might be a viable solution, much of the problem lies with internal employees, who deserve special attention because many attacks are internal. An internal data breach is as dangerous as an external one, and employees are a major factor. Internal data breaches can take several forms: email, instant messaging, file transfer protocol, social media, removable media, cameras, or hard copy. In such cases, policies, procedures, training, and awareness programs are the key measures to ensure that employees understand their roles and responsibilities.
Another critical measure is at the application layer, where enforcing security-by-design best practices and secure coding can reduce, if not eliminate, application flaws and vulnerabilities.
Also, given the rapidly changing nature of attacks, several intrusion detection techniques are needed to provide a more timely response, to better monitor and analyze data, and to stop security incidents before they become an actual data breach. A shift in mindset is also needed: protection must move beyond the perimeter to building stronger internal controls as well.
One of the last measures is adopting and enforcing new laws. New laws may be needed to deter illegal or unethical activity before it occurs. Penalties are needed, and so is the enforcement of those penalties.
Risk mitigation after data breach
But what if all the preventive measures mentioned above fail to prevent a data breach? How do you recover? Given the high likelihood of being hit, here is what every organization should do:
The first action in your response plan is communicating the incident to your stakeholders, as delivering the message is critical. The timing and content of the message are also very important, given customer sensitivity in these cases.
Your incident response actions should include:
First, notify your response team, including IT, security, customer care, and the legal office. Take action to secure the area or network zone where the data breach occurred. If the attack came over the internet, you will need to stop additional data loss by taking the attacked server offline. If the attack was internal, try to establish the what, how, who, and when of the incident.
Document everything about the breach. You might need the help of an external forensics service for an in-depth investigation. Notify the legal office and upper management. Most importantly, keep a record of all investigation-related information.
For more about this topic, refer to the recent #ITWCchat.