Work at it
A report (see below) on helping execs respond faster to data breaches says start by becoming proactive in understanding the security risks of the organization. Identify the valuable and sensitive information that could be targeted and have a strategy for its protection.
Lock it up
Ensure security measures are put in place to address cyber attacks and data breaches. One way is have an independent third party provide recommendations on the adequacy of security practices and procedures.
Meet regularly
Schedule regular meetings (not ad hoc) with the CEO and board of directors to keep them informed about the threats to the organization and the ability of the organization to mitigate the risk of a security incident.
Test, test, test
Require frequent fire drills and/or war games to assess readiness. Forensics technologies and expertise should be part of the incident response plan to be able to determine the root cause of the breach as quickly as possible.
Train, train, train
Address the insider threat with training and awareness programs. Require audits to ensure training is ongoing and reducing employee mistakes and negligence in the handling of sensitive and valuable information. To reduce the malicious insider threat, review access governance practices and proof of enforcement of policies.
Centralize leadership
Appoint a high-level security leader supported by certified and expert staff to be accountable and responsible for incident response. In the event of a security incident, these six governance practices were shown to reduce the cost to respond to the incident by an average of $2.3 million and $2.2 million, respectively.
Senior executives and boards are waking up to the dangers of cyber attacks. But how ready are they to face a data breach? Not very, according to a study by the Ponemon Institute for Hewlett-Packard.
Seventy per cent of the 495 executives in the U.S. and Britain surveyed think their organization only partially understands the risks they’re exposed to as a result of a data breach.
While less than half of C-suite and board-level executives are kept informed about the breach response process, only 45 per cent believe they are accountable for the incident response.
The good news is that just under 80 per cent of respondents say executive level involvement is necessary for a successful data breach response. Seven in ten respondents believe board level oversight is also crucial.
HP has created a way for organizations to rate their breach response preparedness with a free assessment tool. It’s a series of questions that compares an organization’s answers to those of its industry peers.
Meanwhile Ponemon drafted six ways executives can improve the organization’s response to a data breach. All images from Shutterstock.com.