Uploaded on Dec 28, 2022
Data Breaches Are A Matter of When, Not If. So What Do You Do? - Seceon
by Pushpendra Mishra
Data security is one of the most important priorities for businesses around the
world. However, just as a physical security system can only deter thieves,
cybersecurity solutions and measures can only deter, not necessarily prevent,
an attack. No set of security measures is completely immune to a breach. So data
breaches are a matter of when, not if.
Most businesses are vulnerable to a breach and are expected to be prepared for such
an event to ensure business preservation and continuity. Recent examples such as the
Equifax breach, Russian hacking of the US grid and Iranian hacking of 300+
universities in the US and abroad certainly add to the urgency for a post-breach plan.
Smit Kadakia, Chief Data Scientist and Co-founder of Seceon (also a machine learning
expert), and I were recently chatting about what organizations must do, not only to
protect themselves but also to have a well laid-out plan of action should they get
breached. According to Smit, “It is prudent for an enterprise to put together a
well-marinated action plan with minimal impact to the organization’s employees,
customers and partners,” and he suggested a five-step approach that businesses today
must perform post-breach to minimize risk and for responsible handling and reporting.
Actions that a business must perform post-breach for responsible handling and reporting
First and foremost, the highest priority datasets and their specific content must be
identified at the same time as implementing any cybersecurity measures and should
not be an afterthought once the breach has occurred. Assessing the damage will
entail working through all of your important data assets in the order of priority. The
stakeholders must be apprised of the breach and should be continually updated
on the findings. Also, some stakeholders must have a plan for internal
communication, and for external communication as required.
Second, containment must be done swiftly and in parallel with the damage
assessment and stakeholder communication. The time elapsed between the attack
and the containment is crucial to the amount of damage a business will incur.
So, the containment should preferably be in or near real-time. Some of the methods
of containment include moving the infected assets to a quarantine area, halting the
backup process to minimize the spreading of the infection, blocking the external
attacker or disabling the credentials of an attacker. Networking devices, endpoint
security tools or an authentication service can help accomplish such containment.
However, a unified security solution that can manage all of these disparate artifacts
will speed up the containment and be more effective.
Once the breach is detected, recording the details is absolutely necessary to
manage post-breach and post-containment fallout. It is highly recommended to
maintain encrypted records of your security postures off-site so that these are
not themselves compromised. The records must include details such as the specific
actions taken to isolate the effect of the breach on valuable data, the specific
impact, the time of the breach, the duration of the breach, the effectiveness of the
containment, the communication employed and the audience feedback. These details will
not only help in presenting to stakeholders, customers and regulatory authorities but
also in performing retrospection for improved future preparation.
Third, business continuity is of paramount importance and can be achieved through
means such as failover infrastructure architecture, disaster recovery sites, off-site
back-up/restore methods, application of a patch, etc. Typically, contemporary hybrid
and cloud infrastructures allow almost instantaneous switchover to a different and
unaffected location for accessing critical data while the breach is being investigated
and addressed. Preparation must include detailing the steps and assigning
responsibilities to ensure a smooth transition. The goal is to ensure that the
mitigation for future attack prevention is handled with a good balance between the
short-term quick band-aid and the long-term exposure to the business.
Fourth, most industries have to comply with their specific regulatory authorities. For
example, businesses dealing with patient data in the US must comply with HIPAA
regulations. Maintaining continuous compliance with these regulations and archiving
audit records will minimize the effects of the damage. Also, the plan must include
designated responsibility for law enforcement reporting. Law enforcement activities
should be recorded and reported to preserve the image of the business.
Compliance with regulations such as GDPR requires reporting and records of such
reporting to stay compliant.
Fifth, one of the key objectives for post-breach operations is to mitigate the risk.
The 2018 cost of data breach study conducted by Ponemon Institute states “The
average time to identify a data breach in the study was 197 days, and the average
time to contain a data breach once identified was 69 days”. The risk associated with
the breach is directly related to the time to identify the breach. The best security
protection can only be achieved by a solution and staff that strive for near
real-time threat detection and containment.
Customers must be completely on board with the security readiness. The readiness
must encompass both prevention of attacks and post-breach management. Customer
communication must include full transparency and integrity of their data
security and also set expectations should a breach happen, and also
minimize surprises during the post-
In conclusion, security operations should be akin to a management
system and, in that respect, automation to detect and respond quickly
will play a very important role. Such a solution will give a business a
good chance of effectively managing post-breach scenarios. Thus, a
wide variety of tools is not necessarily the answer. A more
comprehensive solution, good preparation and goal-oriented security
management will likely be a much more effective approach.
Address - 238 Littleton Road Suite #206 Westford,
MA 01886
Phone no - +1 (978)-923-0040
Email Id - [email protected]
Website - https://www.seceon.com/