Sergio Galindo, General Manager at GFI Software, looks at what steps must be taken when a data breach or attack hits a business.
Cyber crime is rewriting the crisis management rule book as data breaches get ever more damaging and costly for the enterprises that suffer them.
The breaches at high-profile websites such as Ashley Madison and household-name companies like Carphone Warehouse are just two of the most recent to circulate in the media, and they won’t be the last. Apart from the immeasurable disruption such breaches can cause customers, they also do both short-term and long-term harm to the brand’s reputation and bottom line.
More often than not, companies are taking far too long to detect a data breach and to clean up the mess.
In the worst cases, the breach is not discovered at all during the data theft process, even if the data is being put to criminal or unethical use right under an organisation’s nose.
As data breaches become more publicised and more damaging to valuable, hard-built reputations, boards of directors are taking the threat far more seriously and holding IT far more accountable if it fails to spot, contain or otherwise act against an intrusion or malware outbreak inside the organisation. Current crisis management techniques are outdated, formulaic and constrained when compared to the crises they are trying to contain and resolve.
Security systems are just not dynamic or multi-faceted enough to deal with the nature of today’s ubiquitous cybercrimes.
Cyber crisis management should not be considered simply as a combination of crisis management, emergency and terrorist responses. There needs to be both internal and external cooperation and communication in play and an environment where enterprise risk management, business continuity, emergency response, reputation management, and corporate governance are balanced.
What to do when a data breach or crisis hits?
Whether you are a giant multinational corporation, a small business, sole trader, or end user, you can help to stop breaches and clean up the damage. First, the most pressing problem is discovering the breach. Recent research from the Ponemon Institute revealed it takes an average of 256 days to find out that an organisation has suffered a breach.
Meanwhile, credit card numbers may have been exposed, competitors may have an organisation’s confidential plans and intellectual property, while personal information may be used for identity theft and other financial fraud. Intrusion detection, firewall logs and solutions like an event log manager can all help to identify suspicious activity earlier.
If you have logs, you really must read them to see if anything is askew. Also, if you are a client-facing organisation, make sure you empower your customers to contact you if they see anything suspicious happening with their account.